JLSEC-2026-192
- Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-192.md
- Import Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-192.json
- JSON Data
- https://api.osv.dev/v1/vulns/JLSEC-2026-192
- Upstream
- Published
- 2026-04-27T13:14:20.203Z
- Modified
- 2026-04-27T13:15:24.429380Z
- Summary
- [none]
- Details
-
A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function LWOImporter::CountVertsAndFacesLWO2 of the file assimp/code/AssetLib/LWO/LWOLoader.cpp. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.
- Database specific
{ "license": "CC-BY-4.0", "sources": [ { "database_specific": { "status": "Analyzed" }, "modified": "2025-06-05T14:16:26.557Z", "id": "CVE-2025-5201", "published": "2025-05-26T19:15:20.030Z", "imported": "2026-04-25T08:30:11.418Z", "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5201", "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-5201" } ] }- References
-
- https://github.com/assimp/assimp/issues/6128
- https://github.com/assimp/assimp/issues/6173
- https://github.com/assimp/assimp/issues/6174
- https://github.com/user-attachments/files/20209125/line-832-reproducer.zip
- https://vuldb.com/?ctiid.310290
- https://vuldb.com/?id.310290
- https://vuldb.com/?submit.578006