Lucene search
+L

7 matches found

nessus
nessus
added 2026/06/25 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-42450

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, FileFormatSpi3D.cpp:163 uses sscanf with %s into 64-byte...

8.4CVSS5.9AI score0.0012EPSS
Exploits0References3
snyk
snyk
added 2026/06/24 3:19 p.m.6 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow in the sscanf process when parsing LUT data lines from .spi3d files. An attacker can cause arbitrary code execution or application crash by supplying a specially crafted .spi3d file containing excessively long input line...

8.4CVSS6.4AI score0.0012EPSS
Exploits0References2
nvd
nvd
added 2026/06/24 2:17 p.m.12 views

CVE-2026-42450

OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, FileFormatSpi3D.cpp:163 uses sscanf with %s into 64-byte stack buffers when parsing LUT data lines. Input comes from lineBuffer4096, so a crafted .spi3d file can overflow by 4000 bytes on...

8.4CVSS0.0012EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/24 1:20 p.m.4 views

CVE-2026-42450

OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, FileFormatSpi3D.cpp:163 uses sscanf with %s into 64-byte stack buffers when parsing LUT data lines. Input comes from lineBuffer4096, so a crafted .spi3d file can overflow by 4000 bytes on...

8.4CVSS5.9AI score0.0012EPSS
Exploits0References3Affected Software1
euvd
euvd
added 2026/06/24 1:20 p.m.11 views

EUVD-2026-38769

OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, FileFormatSpi3D.cpp:163 uses sscanf with %s into 64-byte stack buffers when parsing LUT data lines. Input comes from lineBuffer4096, so a crafted .spi3d file can overflow by 4000 bytes on...

8.4CVSS5.9AI score0.0012EPSS
Exploits0References2
cve
cve
added 2026/06/24 1:20 p.m.45 views

CVE-2026-42450

Summary: OpenColorIO vulnerability CVE-2026-42450 arises from a stack buffer overflow in the SPI3D LUT parser. The issue is in FileFormatSpi3D.cpp:163, where an unbounded sscanf using “%s” writes into 64-byte stack buffers, with input from lineBuffer[4096], allowing a crafted .spi3d file to overf...

8.4CVSS5.9AI score0.0012EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/24 1:20 p.m.34 views

CVE-2026-42450 OpenColorIO vulnerable to stack buffer overflow via unbounded `sscanf %s` in Spi3D (.spi3d) LUT parser

OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, FileFormatSpi3D.cpp:163 uses sscanf with %s into 64-byte stack buffers when parsing LUT data lines. Input comes from lineBuffer4096, so a crafted .spi3d file can overflow by 4000 bytes on...

8.4CVSS0.0012EPSS
Exploits0References2
Rows per page
Query Builder