PT-2026-41029 · Unknown · Openimageio
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
OpenImageIO versions prior to 3.0.18.0
OpenImageIO versions prior to 3.1.13.0
Description
An issue exists in the
TGAInput::decode pixel() function where the bounds check computes k + palbytespp using unsigned 32-bit arithmetic. If k is 0xFFFFFFFC and palbytespp is 4, the addition wraps to 0, bypassing the palette alloc size check. This allows the subsequent palette access to use the unwrapped k value as an index, resulting in a read operation approximately 4 GB beyond the start of the palette buffer, leading to a segmentation fault (SEGV), which is an abnormal termination of a program when it attempts to access a memory location that it is not allowed to access.Recommendations
Update to version 3.0.18.0.
Update to version 3.1.13.0.
Exploit
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openimageio