CVE-2026-43903
OpenImageIO is affected by CVE-2026-43903 due to a bounds-check issue in the SGI RLE decoder (sgiinput.cpp:265,274) where OIIO_DASSERT can be a no-op in release builds. A crafted .sgi with an RLE count exceeding the scanline width may cause a heap buffer overflow and crash. The vulnerability is f...