{"id":"JLSEC-2026-192","details":"A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function LWOImporter::CountVertsAndFacesLWO2 of the file assimp/code/AssetLib/LWO/LWOLoader.cpp. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.","modified":"2026-04-27T13:15:40.327862Z","published":"2026-04-27T13:14:20.203Z","upstream":["CVE-2025-5201"],"database_specific":{"license":"CC-BY-4.0","sources":[{"html_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-5201","id":"CVE-2025-5201","imported":"2026-04-25T08:30:11.418Z","modified":"2025-06-05T14:16:26.557Z","published":"2025-05-26T19:15:20.030Z","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-5201","database_specific":{"status":"Analyzed"}}]},"references":[{"type":"WEB","url":"https://github.com/assimp/assimp/issues/6128"},{"type":"WEB","url":"https://github.com/assimp/assimp/issues/6173"},{"type":"WEB","url":"https://github.com/assimp/assimp/issues/6174"},{"type":"WEB","url":"https://github.com/user-attachments/files/20209125/line-832-reproducer.zip"},{"type":"WEB","url":"https://vuldb.com/?ctiid.310290"},{"type":"WEB","url":"https://vuldb.com/?id.310290"},{"type":"WEB","url":"https://vuldb.com/?submit.578006"}],"affected":[{"package":{"name":"assimp_jll","ecosystem":"Julia","purl":"pkg:julia/assimp_jll?uuid=54ae6823-98c6-5a7c-8365-5a43b909f91f"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"6.0.4+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-192.json"}}],"schema_version":"1.7.5"}