8.8
CVE-2026-43908
- EPSS 0.04%
- Veröffentlicht 14.05.2026 19:01:21
- Zuletzt bearbeitet 15.05.2026 18:07:55
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginOpenImageIO: Signed integer overflow in ConvertCbYCrYToRGB leads to heap out-of-bounds write in DPX 4:2:2 decoder
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the pixel-loop index expression i * 3 inside ConvertCbYCrYToRGB() causes the function to compute a large negative pointer offset into the output buffer, producing an out-of-bounds write that crashes the process. This vulnerability is fixed in 3.0.18.0 and 3.1.13.0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Openimageio ≫ Openimageio Version < 3.0.18.0
Openimageio ≫ Openimageio Version >= 3.1.4.0 < 3.1.13.0
Openimageio ≫ Openimageio Version3.2.0.0 Updatedev
Openimageio ≫ Openimageio Version3.2.0.2 Updatedev
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.118 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.