PT-2026-1783 · Academy Software Foundation+1 · Opencolorio+1
Oneafter · Published 2026-01-11 · Updated 2026-01-11 · CVE-2025-15506
CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
AcademySoftwareFoundation OpenColorIO versions through 2.5.0
Description
An out-of-bounds read exists in AcademySoftwareFoundation OpenColorIO up to version 2.5.0. It occurs in the ConvertToRegularExpression function in the src/OpenColorIO/FileRules.cpp file. Exploitation requires local access. The exploit for this issue has been publicly released. Increased actor activity targeting this software has been observed.
Recommendations
Versions prior to 2.5.1 are affected.
Deploy the patch ebdbb75123c9d5f4643e041314e2bc988a13f20d.
Update to version 2.5.1 or later.
Exploit
Fix
Buffer Overflow
Out of bounds Read
Related Identifiers
Affected Products
Debian
Opencolorio