A code execution vulnerability exists in the OpenImageIO IFFOutput::close() function, which is an image read/write library that also provides tools and applications. An attacker can use this vulnerability to cause a heap buffer overflow via a specially crafted ImageOutput object (when the “xmax” variable is set to 0xFFFF and “m_spec.format” is “typeDesc::UINT16”).