PT-2026-41022 · Unknown+2 · Openimageio+2
CVSS v4.0
8.4
High
| Vector | AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
OpenImageIO versions prior to 3.0.18.0
OpenImageIO versions prior to 3.1.13.0
Description
OpenImageIO is a toolset for reading, writing, and manipulating image files for VFX and animation. A heap buffer overflow and crash can occur when processing a crafted .sgi file where the RLE (Run-Length Encoding) count exceeds the scanline width. This happens because the
sgiinput.cpp file uses OIIO DASSERT for bounds checking in the RLE decode loop; in release builds, this macro is compiled as a no-op, effectively disabling the bounds checks.Recommendations
Update to version 3.0.18.0.
Update to version 3.1.13.0.
Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Openimageio
Ubuntu