JLSEC-2026-190

See a problem?
Please try reporting it to the source first.

Source

https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-190.md

Import Source

https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-190.json

JSON Data

https://api.osv.dev/v1/vulns/JLSEC-2026-190

Upstream

CVE-2025-3548

Published

2026-04-27T13:14:20.203Z

Modified

2026-04-27T13:15:18.217331Z

Summary

[none]

Details

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp up to 5.4.3. This issue affects the function aiString::Set in the library include/assimp/types.h of the component File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

Database specific

{
    "license": "CC-BY-4.0",
    "sources": [
        {
            "published": "2025-04-14T03:15:16.640Z",
            "modified": "2025-09-29T21:31:15.130Z",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-3548",
            "imported": "2026-04-25T08:30:10.669Z",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3548",
            "database_specific": {
                "status": "Analyzed"
            },
            "id": "CVE-2025-3548"
        }
    ]
}

References

Affected packages

Julia / assimp_jll

Package

Name: assimp_jll
Purl: pkg:julia/assimp_jll?uuid=54ae6823-98c6-5a7c-8365-5a43b909f91f

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.4+0

Database specific

source

"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-190.json"