JLSEC-2026-197

See a problem?
Please try reporting it to the source first.

Source

https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-197.md

Import Source

https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-197.json

JSON Data

https://api.osv.dev/v1/vulns/JLSEC-2026-197

Upstream

CVE-2025-6120

Published

2026-04-27T13:14:20.203Z

Modified

2026-04-27T13:15:40.761732Z

Summary

[none]

Details

A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

Database specific

{
    "sources": [
        {
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-6120",
            "database_specific": {
                "status": "Analyzed"
            },
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6120",
            "modified": "2025-06-17T19:37:41.883Z",
            "id": "CVE-2025-6120",
            "imported": "2026-04-25T08:30:11.901Z",
            "published": "2025-06-16T12:15:19.750Z"
        }
    ],
    "license": "CC-BY-4.0"
}

References

Affected packages

Julia / assimp_jll

Package

Name: assimp_jll
Purl: pkg:julia/assimp_jll?uuid=54ae6823-98c6-5a7c-8365-5a43b909f91f

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.4+0

Database specific

source

"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-197.json"