A vulnerability marked as problematic has been reported in Assimp up to 6.0.4 . Affected by this issue is the function HL1MDLLoader::read_sequence_infos of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader . The manipulation of the argument aiString leads to out-of-bounds read. This vulnerability is documented as CVE-2026-10233 . The attack needs to be performed locally. Additionally, an exploit exists. The project tagged the reported issue as bug.