Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the softimageinput.cpp process when handling RLE decoding. An attacker can cause a heap buffer overflow by submitting a crafted .pic file with a manipulated run length value that exceeds the scanline width...

CVE-2026-43907

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed integer overflow in QueryRGBBufferSizeInternal in DPXColorConverter.cpp leads to a heap-based out-of-bounds write when...

PT-2026-41028

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the loop index expression i 4 inside SwapRGBABytes causes the function to compute a large negative...

CVE-2026-7582

A flaw was found in AcademySoftwareFoundation OpenImageIO, affecting the DDS Image Handler component. A local attacker could exploit an out-of-bounds write vulnerability by providing a specially crafted image file. This could lead to information disclosure, denial of service, or potentially...

Fedora 44 : ImageMagick / LibRaw / OpenImageIO / OpenImageIO2.5 / etc (2026-bef0050737)

The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-bef0050737 advisory. LibRaw 0.22.1 and rebuilds ---- Release 3.1.12.0 Apr 1, 2026 -- compared to 3.1.11.0 oiiotool: Better type understanding with -i:ch= and other clean...

Linux Distros Unpatched Vulnerability : CVE-2022-43597

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially craft...

Linux Distros Unpatched Vulnerability : CVE-2022-38143

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to...

UBUNTU-CVE-2024-40630

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation via a format-agnostic API with a feature set, scalability, and robustness needed for feature film production. In affected versions there is a bug in the heif input...

The vulnerability of the OpenImageIO image processing library, related to reading data beyond the permissible buffer limits, allows attackers to gain access to confidential data.

The vulnerability of the OpenImageIO image processing library lies in the reading of data beyond the allowed buffer size. Exploiting this vulnerability could allow an attacker to gain access to confidential data through a specially created TIFF file...

SUSE CVE-2022-41838

A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

DEBIAN-CVE-2022-43598

Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This...

UBUNTU-CVE-2022-43598

Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This...

UBUNTU-CVE-2022-43602

Multiple code execution vulnerabilities exist in the IFFOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability...