{"id":"JLSEC-2026-196","details":"A vulnerability classified as critical has been found in Open Asset Import Library Assimp up to 5.4.3. Affected is the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib/BVH/BVHLoader.cpp. The manipulation of the argument pNode leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.","modified":"2026-04-27T13:15:38.188697Z","published":"2026-04-27T13:14:20.203Z","upstream":["CVE-2025-6119"],"database_specific":{"sources":[{"database_specific":{"status":"Analyzed"},"id":"CVE-2025-6119","published":"2025-06-16T11:15:19.210Z","modified":"2025-06-17T19:38:01.073Z","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-6119","imported":"2026-04-25T08:30:11.814Z","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6119"}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"https://github.com/assimp/assimp/issues/6219"},{"type":"WEB","url":"https://github.com/assimp/assimp/issues/6219#issuecomment-2945016005"},{"type":"WEB","url":"https://github.com/user-attachments/files/20604791/reproduce_2.tar.gz"},{"type":"WEB","url":"https://vuldb.com/?ctiid.312588"},{"type":"WEB","url":"https://vuldb.com/?id.312588"},{"type":"WEB","url":"https://vuldb.com/?submit.591233"}],"affected":[{"package":{"name":"assimp_jll","ecosystem":"Julia","purl":"pkg:julia/assimp_jll?uuid=54ae6823-98c6-5a7c-8365-5a43b909f91f"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"6.0.4+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-196.json"}}],"schema_version":"1.7.5"}