PT-2026-41027 · Unknown+2 · Openimageio+2
Biniamf
·
Published
2026-05-14
·
Updated
2026-06-16
·
CVE-2026-43908
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
OpenImageIO versions prior to 3.0.18.0
OpenImageIO versions prior to 3.1.13.0
Description
A signed 32-bit integer overflow occurs in the pixel-loop index expression
i * 3 within the ConvertCbYCrYToRGB() function. This causes the function to calculate a large negative pointer offset into the output buffer, resulting in an out-of-bounds write that can lead to a process crash and denial of service.Recommendations
Update to version 3.0.18.0.
Update to version 3.1.13.0.
As a temporary workaround, restrict the use of the
ConvertCbYCrYToRGB() function until the updates are applied.Exploit
Fix
Integer Overflow
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Linuxmint
Openimageio
Ubuntu