Bug 2477577 (CVE-2026-43905) - CVE-2026-43905 OpenImageIO: OpenImageIO: Integer overflow leads to heap overflow and potential arbitrary code execution
Summary: CVE-2026-43905 OpenImageIO: OpenImageIO: Integer overflow leads to heap overf...
Keywords:
Status: NEW
Alias: CVE-2026-43905
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2477867 2477868 2477873
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-05-14 20:01 UTC by OSIDB Bzimport
Modified: 2026-05-15 13:26 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-05-14 20:01:54 UTC
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer size as const int bufsize = w * h * ch * buffer_bpp using signed 32-bit arithmetic. When the product exceeds INT_MAX, the result wraps to 0 or a small value. m_buf.resize() allocates an undersized buffer, and subsequent pixel write loops cause heap overflow. Conditional on USE_OPENJPH build flag. This vulnerability is fixed in 3.0.18.0 and 3.1.13.0.


Note You need to log in before you can comment on or make changes to this bug.