{"id":"JLSEC-2026-195","details":"A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::ParseSkinLump_3DGS_MDL7 of the file assimp/code/AssetLib/MDL/MDLMaterialLoader.cpp. The manipulation leads to out-of-bounds read. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.","modified":"2026-04-27T13:15:34.079301Z","published":"2026-04-27T13:14:20.203Z","upstream":["CVE-2025-5204"],"database_specific":{"sources":[{"published":"2025-05-26T21:15:19.317Z","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-5204","modified":"2025-06-05T14:15:50.857Z","imported":"2026-04-25T08:30:11.688Z","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-5204","id":"CVE-2025-5204","database_specific":{"status":"Analyzed"}}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"https://github.com/assimp/assimp/issues/6128"},{"type":"WEB","url":"https://github.com/assimp/assimp/issues/6176"},{"type":"WEB","url":"https://github.com/assimp/assimp/issues/6176"},{"type":"WEB","url":"https://github.com/user-attachments/files/20209911/ParseSkinLump-reproducer.zip"},{"type":"WEB","url":"https://vuldb.com/?ctiid.310293"},{"type":"WEB","url":"https://vuldb.com/?id.310293"},{"type":"WEB","url":"https://vuldb.com/?submit.578013"}],"affected":[{"package":{"name":"assimp_jll","ecosystem":"Julia","purl":"pkg:julia/assimp_jll?uuid=54ae6823-98c6-5a7c-8365-5a43b909f91f"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"6.0.4+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-195.json"}}],"schema_version":"1.7.5"}