{"id":"JLSEC-2026-193","details":"A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as problematic. Affected by this vulnerability is the function HL1MDLLoader::validate_header of the file assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to out-of-bounds read. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.","modified":"2026-04-27T13:15:27.424291Z","published":"2026-04-27T13:14:20.203Z","upstream":["CVE-2025-5202"],"database_specific":{"sources":[{"url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-5202","published":"2025-05-26T20:15:19.790Z","imported":"2026-04-25T08:30:11.505Z","id":"CVE-2025-5202","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-5202","modified":"2025-06-05T14:16:16.410Z","database_specific":{"status":"Analyzed"}}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"https://github.com/assimp/assimp/issues/6128"},{"type":"WEB","url":"https://github.com/assimp/assimp/issues/6174"},{"type":"WEB","url":"https://github.com/assimp/assimp/issues/6174"},{"type":"WEB","url":"https://github.com/user-attachments/files/20209236/reproducer.zip"},{"type":"WEB","url":"https://vuldb.com/?ctiid.310291"},{"type":"WEB","url":"https://vuldb.com/?id.310291"},{"type":"WEB","url":"https://vuldb.com/?submit.578007"}],"affected":[{"package":{"name":"assimp_jll","ecosystem":"Julia","purl":"pkg:julia/assimp_jll?uuid=54ae6823-98c6-5a7c-8365-5a43b909f91f"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"6.0.4+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-193.json"}}],"schema_version":"1.7.5"}