JLSEC-2026-194

See a problem?
Please try reporting it to the source first.

Source

https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-194.md

Import Source

https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-194.json

JSON Data

https://api.osv.dev/v1/vulns/JLSEC-2026-194

Upstream

CVE-2025-5203

Published

2026-04-27T13:14:20.203Z

Modified

2026-04-27T13:15:30.580228Z

Summary

[none]

Details

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as problematic. Affected by this issue is the function SkipSpaces in the library assimp/include/assimp/ParsingUtils.h. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

Database specific

{
    "license": "CC-BY-4.0",
    "sources": [
        {
            "id": "CVE-2025-5203",
            "database_specific": {
                "status": "Analyzed"
            },
            "modified": "2025-06-05T14:16:06.320Z",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-5203",
            "imported": "2026-04-25T08:30:11.592Z",
            "published": "2025-05-26T20:15:19.987Z",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5203"
        }
    ]
}

References

Affected packages

Julia / assimp_jll

Package

Name: assimp_jll
Purl: pkg:julia/assimp_jll?uuid=54ae6823-98c6-5a7c-8365-5a43b909f91f

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.4+0

Database specific

source

"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-194.json"