OpenImageIO

by AcademySoftwareFoundation

CVEs (38)

  • CVE-2026-43909 | High | May 14, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the loop index expression i * 4 inside SwapRGBABytes() causes the function to…

  • CVE-2026-43908 | High | May 14, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the pixel-loop index expression i * 3 inside ConvertCbYCrYToRGB() causes the…

  • CVE-2026-43907 | High | May 14, 2026
    risk 0.54 | cvss 8.3 | epss 0.00

    OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed integer overflow in QueryRGBBufferSizeInternal() in DPXColorConverter.cpp leads to a heap-based…

  • CVE-2024-55195 | High | Jan 23, 2025
    risk 0.49 | cvss 7.5 | epss 0.01

    An allocation-size-too-big bug in the component /imagebuf.cpp of OpenImageIO v3.1.0.0dev may cause a Denial of Service (DoS) when the program requests to allocate too much space.

  • CVE-2026-7582 | Medium | May 1, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    A vulnerability was detected in AcademySoftwareFoundation OpenImageIO up to 3.2.0.1-dev. This vulnerability affects unknown code of the file src/dds.imageio/ddsinput.cpp of the component DDS Image Handler. The manipulation results in out-of-bounds write. The attack needs to be…

  • CVE-2024-40630 | Medium | Jul 15, 2024
    risk 0.21 | cvss 4.3 | epss 0.00

    OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation via a format-agnostic API with a feature set, scalability, and robustness needed for feature film production. In affected versions there is a bug in…

  • CVE-2024-55193 | Jan 23, 2025
    risk 0.00 | cvss | epss 0.01

    OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenImageIO/string_view.h.

  • CVE-2024-55192 | Jan 23, 2025
    risk 0.00 | cvss | epss 0.01

    OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component OpenImageIO_v3_1_0::farmhash::inlined::Fetch64(char const*).

  • CVE-2024-55194 | Jan 23, 2025
    risk 0.00 | cvss | epss 0.01

    OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h.

  • CVE-2023-3430 | Dec 18, 2023
    risk 0.00 | cvss | epss 0.01

    A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash,…

  • CVE-2023-36183 | Jul 3, 2023
    risk 0.00 | cvss | epss 0.00

    Buffer overflow vulnerability in OpenImageIO v2.4.12.0 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function.

  • CVE-2023-24473 | Mar 30, 2023
    risk 0.00 | cvss | epss 0.01

    An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this…

  • CVE-2023-22845 | Mar 30, 2023
    risk 0.00 | cvss | epss 0.01

    An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2023-24472 | Mar 30, 2023
    risk 0.00 | cvss | epss 0.01

    A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability.

  • CVE-2022-43598 | Dec 23, 2022
    risk 0.00 | cvss | epss 0.02

    Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these…

  • CVE-2022-36354 | Dec 23, 2022
    risk 0.00 | cvss | epss 0.01

    A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can…

  • CVE-2022-43599 | Dec 23, 2022
    risk 0.00 | cvss | epss 0.02

    Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these…

  • CVE-2022-43593 | Dec 23, 2022
    risk 0.00 | cvss | epss 0.01

    A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to null pointer dereference. An attacker can provide malicious input to trigger this vulnerability.

  • CVE-2022-41977 | Dec 23, 2022
    risk 0.00 | cvss | epss 0.01

    An out-of-bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A specially crafted TIFF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2022-43596 | Dec 23, 2022
    risk 0.00 | cvss | epss 0.01

    An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this…
