JLSEC-2026-189

See a problem?
Please try reporting it to the source first.

Source

https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-189.md

Import Source

https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-189.json

JSON Data

https://api.osv.dev/v1/vulns/JLSEC-2026-189

Upstream

CVE-2025-15538

Published

2026-04-27T13:14:20.203Z

Modified

2026-04-27T13:15:15.291588Z

Summary

[none]

Details

A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. This and similar defects are tracked and handled via issue #6128.

Database specific

{
    "sources": [
        {
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15538",
            "database_specific": {
                "status": "Analyzed"
            },
            "id": "CVE-2025-15538",
            "imported": "2026-04-25T08:30:12.270Z",
            "modified": "2026-02-10T17:10:23.880Z",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-15538",
            "published": "2026-01-18T23:15:47.653Z"
        }
    ],
    "license": "CC-BY-4.0"
}

References

Affected packages

Julia / assimp_jll

Package

Name: assimp_jll
Purl: pkg:julia/assimp_jll?uuid=54ae6823-98c6-5a7c-8365-5a43b909f91f

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.4+0

Database specific

source

"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-189.json"