2492198 – (CVE-2026-42450) CVE-2026-42450 OpenColorIO: stack-based buffer overflow via unbounded 'sscanf %s' in Spi3D (.spi3d) LUT parser

Bug 2492198 (CVE-2026-42450) - CVE-2026-42450 OpenColorIO: stack-based buffer overflow via unbounded 'sscanf %s' in Spi3D (.spi3d) LUT parser

Summary: CVE-2026-42450 OpenColorIO: stack-based buffer overflow via unbounded 'sscanf...

Keywords:
Status:	NEW
Alias:	CVE-2026-42450
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2492210 2492211
Blocks:
TreeView+	depends on / blocked

Reported:	2026-06-24 14:02 UTC by OSIDB Bzimport
Modified:	2026-06-24 14:31 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-06-24 14:02:29 UTC

OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, `FileFormatSpi3D.cpp:163` uses `sscanf` with `%s` into 64-byte stack buffers when parsing LUT data lines. Input comes from `lineBuffer[4096]`, so a crafted .spi3d file can overflow by ~4000 bytes on non-Windows. Version 2.5.2 fixes the issue.

Note You need to log in before you can comment on or make changes to this bug.