PT-2026-41024 · Academy Software Foundation · Openimageio
Published
2026-05-14
·
Updated
2026-05-14
·
CVE-2026-43905
CVSS v4.0
7.1
High
| Vector | AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer size as const int bufsize = w * h * ch * buffer bpp using signed 32-bit arithmetic. When the product exceeds INT MAX, the result wraps to 0 or a small value. m buf.resize() allocates an undersized buffer, and subsequent pixel write loops cause heap overflow. Conditional on USE OPENJPH build flag. This vulnerability is fixed in 3.0.18.0 and 3.1.13.0.
Exploit
Fix
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openimageio