JLSEC-2026-195
- Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-195.md
- Import Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-195.json
- JSON Data
- https://api.osv.dev/v1/vulns/JLSEC-2026-195
- Upstream
- Published
- 2026-04-27T13:14:20.203Z
- Modified
- 2026-04-27T13:15:34.079301Z
- Summary
- [none]
- Details
-
A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::ParseSkinLump3DGSMDL7 of the file assimp/code/AssetLib/MDL/MDLMaterialLoader.cpp. The manipulation leads to out-of-bounds read. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.
- Database specific
{ "sources": [ { "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-5204", "database_specific": { "status": "Analyzed" }, "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5204", "modified": "2025-06-05T14:15:50.857Z", "id": "CVE-2025-5204", "imported": "2026-04-25T08:30:11.688Z", "published": "2025-05-26T21:15:19.317Z" } ], "license": "CC-BY-4.0" }- References
-
- https://github.com/assimp/assimp/issues/6128
- https://github.com/assimp/assimp/issues/6176
- https://github.com/assimp/assimp/issues/6176
- https://github.com/user-attachments/files/20209911/ParseSkinLump-reproducer.zip
- https://vuldb.com/?ctiid.310293
- https://vuldb.com/?id.310293
- https://vuldb.com/?submit.578013