VYPR
Vendor

AcademySoftwareFoundation

Products
3
CVEs
41
Across products
41
Status
Private

Products

3

Recent CVEs

41
View all 41 CVEs →
  • CVE-2026-43909HigMay 14, 2026
    risk 0.57cvss 8.8epss 0.00

    OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the loop index expression i * 4 inside SwapRGBABytes() causes the function to…

  • CVE-2026-43908HigMay 14, 2026
    risk 0.57cvss 8.8epss 0.00

    OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the pixel-loop index expression i * 3 inside ConvertCbYCrYToRGB() causes the…

  • CVE-2026-43907HigMay 14, 2026
    risk 0.54cvss 8.3epss 0.00

    OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed integer overflow in QueryRGBBufferSizeInternal() in DPXColorConverter.cpp leads to a heap-based…

  • CVE-2024-55195HigJan 23, 2025
    risk 0.49cvss 7.5epss 0.01

    An allocation-size-too-big bug in the component /imagebuf.cpp of OpenImageIO v3.1.0.0dev may cause a Denial of Service (DoS) when the program to requests to allocate too much space.

  • CVE-2026-7582MedMay 1, 2026
    risk 0.27cvss 5.3epss 0.00

    A vulnerability was detected in AcademySoftwareFoundation OpenImageIO up to 3.2.0.1-dev. This vulnerability affects unknown code of the file src/dds.imageio/ddsinput.cpp of the component DDS Image Handler. The manipulation results in out-of-bounds write. The attack needs to be…

  • CVE-2024-40630MedJul 15, 2024
    risk 0.21cvss 4.3epss 0.00

    OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation via a format-agnostic API with a feature set, scalability, and robustness needed for feature film production. In affected versions there is a bug in…

  • CVE-2006-2277May 10, 2006
    risk 0.04cvss epss 0.07

    Multiple Apple Mac OS X 10.4 applications might allow context-dependent attackers to cause a denial of service (application crash) via a crafted OpenEXR (.exr) image file, which triggers the crash when opening a folder using Finder, displaying the image in Safari, or using…

  • CVE-2026-42450Jun 24, 2026
    risk 0.00cvss epss 0.00

    OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, `FileFormatSpi3D.cpp:163` uses `sscanf` with `%s` into 64-byte stack buffers when parsing LUT data lines. Input comes from `lineBuffer[4096]`, so a crafted .spi3d file can…

  • CVE-2026-44663Jun 18, 2026
    risk 0.00cvss epss 0.00

    OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, an integer overflow in ht_undo_impl() in src/lib/OpenEXRCore/internal_ht.cpp leads to a heap-buffer overflow when…

  • CVE-2024-55192Jan 23, 2025
    risk 0.00cvss epss 0.01

    OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component OpenImageIO_v3_1_0::farmhash::inlined::Fetch64(char const*).

  • CVE-2024-55193Jan 23, 2025
    risk 0.00cvss epss 0.01

    OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenImageIO/string_view.h.

  • CVE-2024-55194Jan 23, 2025
    risk 0.00cvss epss 0.01

    OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h.

  • CVE-2023-3430Dec 18, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash,…

  • CVE-2023-36183Jul 3, 2023
    risk 0.00cvss epss 0.00

    Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function.

  • CVE-2023-24473Mar 30, 2023
    risk 0.00cvss epss 0.01

    An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this…

  • CVE-2023-22845Mar 30, 2023
    risk 0.00cvss epss 0.01

    An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2023-24472Mar 30, 2023
    risk 0.00cvss epss 0.01

    A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability.

  • CVE-2022-43599Dec 23, 2022
    risk 0.00cvss epss 0.02

    Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these…

  • CVE-2022-41988Dec 23, 2022
    risk 0.00cvss epss 0.01

    An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger…

  • CVE-2022-36354Dec 23, 2022
    risk 0.00cvss epss 0.01

    A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can…