OPENSUSE-SU-2026:10918-1 OpenImageIO-3.1.14.0-1.1 on GA media

These are all security issues fixed in the OpenImageIO-3.1.14.0-1.1 package on the GA media of openSUSE Tumbleweed...

Astra Linux - уязвимость в openimageio

A denial-of-service vulnerability exists in the DPXOutput::close function of the OpenImageIO Project, version 2.4.4.2. A specially crafted ImageOutput object can lead to a null pointer dereferencing issue. An attacker can provide malicious input to trigger this vulnerability...

Astra Linux - уязвимость в openimageio

There is a heap out-of-bounds read vulnerability in the OpenImageIO master-branch-9aeece7a when parsing the image file directory part of a PSD image file. A specially crafted .psd file can cause a read of arbitrary memory addresses, leading to a denial of service attack. An attacker can provide a...

Astra Linux - уязвимость в openimageio

There are multiple denial-of-service vulnerabilities in the image output closing functionality of the OpenImageIO Project’s OpenImageIO v2.4.4.2. specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious inputs to exploit these...

Astra Linux - уязвимость в openimageio

There are multiple code execution vulnerabilities in the IFFOutput::close function of the OpenImageIO Project, specifically in OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to exploit these vulnerabilities...

Astra Linux - уязвимость в openimageio

There is an information disclosure vulnerability in the DPXOutput::close function of the OpenImageIO Project, specifically in OpenImageIO v2.4.4.2. A specially crafted ImageOutput object can lead to the leakage of heap data. An attacker can provide malicious input to trigger this vulnerability...

Astra Linux - уязвимость в openimageio

There are multiple denial-of-service vulnerabilities in the image output closing functionality of the OpenImageIO Project’s OpenImageIO v2.4.4.2. specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious inputs to exploit these...

Astra Linux - уязвимость в openimageio

A heap-based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to exploit this vulnerability...

Astra Linux - уязвимость в openimageio

A denial-of-service vulnerability exists in the FitsOutput::close function of the OpenImageIO Project, version 2.4.7.1. A specially crafted ImageOutput object can lead to a denial-of-service attack. An attacker can provide malicious input to trigger this vulnerability...

Astra Linux - уязвимость в openimageio

A buffer overflow vulnerability exists in OpenImageIO v.2.4.12.0 and earlier versions. This vulnerability allows a remote attacker to execute arbitrary code and obtain sensitive information through a crafted file sent to the readimg function...

Astra Linux - уязвимость в openimageio

There is a heap-out-of-bounds read vulnerability in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, it relates to the handling of run-length encoded byte spans. A malformed RLA file can lead to an out-of-bounds read of heap metadata, potentially...

Astra Linux - уязвимость в openimageio

A denial-of-service vulnerability exists in the ZfileOutput::close function of the OpenImageIO Project, version 2.4.4.2. A specially crafted ImageOutput object can lead to a denial-of-service attack. An attacker can provide a malicious file that triggers this vulnerability...

SUSE CVE-2026-43903

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, sgiinput.cpp:265,274 use OIIODASSERT for bounds checking in the RLE decode loop. In release builds, OIIODASSERT compiles to voidsizeofx...

SUSE CVE-2026-43904

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 mixed RLE and :345 pure RLE do not clamp the run length to remaining scanline width before writing pixels. The r...

SUSE CVE-2026-43905

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer size as const int bufsize = w h ch bufferbpp using signed 32-bit arithmetic. When the product...

SUSE CVE-2026-43906

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the HEIF decoder of OpenImageIO allows out-of-bounds writes via crafted images due to a subimage metada...

SUSE CVE-2026-43908

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the pixel-loop index expression i 3 inside ConvertCbYCrYToRGB causes the function to compute a larg...

SUSE CVE-2026-43996

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decodepixel computes k + palbytespp as unsigned 32-bit arithmetic. When k = 0xFFFFFFFC and palbytespp = 4...

CVE-2026-43908

A flaw was found in OpenImageIO. A signed 32-bit integer overflow in the ConvertCbYCrYToRGB function can lead to an out-of-bounds write. A remote attacker could exploit this by convincing a user to process a specially crafted image file, resulting in a denial of service DoS due to a process crash...

CVE-2026-43996

A flaw was found in OpenImageIO. An integer overflow vulnerability exists in the TGAInput::decodepixel function's bounds check. This flaw allows a local attacker, by enticing a user to process a specially crafted image file, to cause an out-of-bounds read, leading to a segmentation fault and a...