PT-2026-41029 · Unknown · Openimageio

·

CVE-2026-43996

·

Published

2026-05-14

·

Updated

2026-05-16

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions OpenImageIO versions prior to 3.0.18.0 OpenImageIO versions prior to 3.1.13.0
Description An issue exists in the TGAInput::decode pixel() function where the bounds check computes k + palbytespp using unsigned 32-bit arithmetic. If k is 0xFFFFFFFC and palbytespp is 4, the addition wraps to 0, bypassing the palette alloc size check. This allows the subsequent palette access to use the unwrapped k value as an index, resulting in a read operation approximately 4 GB beyond the start of the palette buffer, leading to a segmentation fault (SEGV), which is an abnormal termination of a program when it attempts to access a memory location that it is not allowed to access.
Recommendations Update to version 3.0.18.0. Update to version 3.1.13.0.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-43996
GHSA-MQ8J-73C4-CR55

Affected Products

Openimageio