Fluid Attacks Database

Description

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 (mixed RLE) and :345 (pure RLE) do not clamp the run length to remaining scanline width before writing pixels. The raw packet path (line 403) correctly clamps with std::min, but RLE paths skip this check. A crafted .pic file causes heap overflow up to 65535 bytes. This vulnerability is fixed in 3.0.18.0 and 3.1.13.0.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 12	openimageio	=2.4.12.0+dfsg-1 \|\| =2.4.13.0+dfsg-1 \|\| =2.4.14.0+dfsg-1 \|\| =2.4.16.0+dfsg-1 \|\| =2.4.17.0+dfsg-1 \|\| =2.4.17.0+dfsg-1.1 \|\| =2.4.7.1+dfsg-2 \|\| =2.4.9.0+dfsg-1 \|\| =2.5.10.1+dfsg-1 \|\| =2.5.12.0+dfsg-1 \|\| =2.5.12.0+dfsg-2 \|\| =2.5.14.0+dfsg-1 \|\| =2.5.15.0+dfsg-1 \|\| =2.5.16.0+dfsg-1 \|\| =2.5.18.0+dfsg-1 \|\| =2.5.19.1+dfsg-1 \|\| =2.5.19.1+dfsg-2 \|\| =2.5.7.0+dfsg-1
debian 14	openimageio	=2.5.18.0+dfsg-1 \|\| =2.5.19.1+dfsg-1 \|\| =2.5.19.1+dfsg-2
debian 13	openimageio	=2.5.18.0+dfsg-1 \|\| =2.5.19.1+dfsg-1 \|\| =2.5.19.1+dfsg-2
debian 11	openimageio	=2.2.10.1+dfsg-1 \|\| =2.2.10.1+dfsg-1+deb11u1 \|\| =2.2.13.1+dfsg-1 \|\| =2.2.14.0+dfsg-1 \|\| =2.2.16.0+dfsg-1 \|\| =2.2.17.0+dfsg-1 \|\| =2.2.17.0+dfsg-2 \|\| =2.2.18.0+dfsg-1 \|\| =2.2.18.0+dfsg-2 \|\| =2.3.11.0+dfsg-1 \|\| =2.3.12.0+dfsg-1 \|\| =2.3.14.0+dfsg-1 \|\| =2.3.14.0+dfsg-2 \|\| =2.3.14.0+dfsg-3 \|\| =2.3.17.0+dfsg-1 \|\| =2.3.18.0+dfsg-1 \|\| =2.3.18.0+dfsg-2 \|\| =2.3.18.0+dfsg-3 \|\| =2.3.18.0+dfsg-4 \|\| =2.3.18.0+dfsg-5 \|\| =2.3.18.0+dfsg-6 \|\| =2.3.21.0+dfsg-1 \|\| =2.3.8.0+dfsg-1 \|\| =2.3.9.1+dfsg-1 \|\| =2.4.12.0+dfsg-1 \|\| =2.4.13.0+dfsg-1 \|\| =2.4.14.0+dfsg-1 \|\| =2.4.16.0+dfsg-1 \|\| =2.4.17.0+dfsg-1 \|\| =2.4.17.0+dfsg-1.1 \|\| =2.4.7.1+dfsg-1 \|\| =2.4.7.1+dfsg-2 \|\| =2.4.9.0+dfsg-1 \|\| =2.5.10.1+dfsg-1 \|\| =2.5.12.0+dfsg-1 \|\| =2.5.12.0+dfsg-2 \|\| =2.5.14.0+dfsg-1 \|\| =2.5.15.0+dfsg-1 \|\| =2.5.16.0+dfsg-1 \|\| =2.5.18.0+dfsg-1 \|\| =2.5.19.1+dfsg-1 \|\| =2.5.19.1+dfsg-2 \|\| =2.5.7.0+dfsg-1

Aliases

1. CVE-2026-439042. NVD-2026-439043. OSV-DEBIAN-2026-439044. OSV-2026-439045. SECURITY-TRACKER-CVE-2026-43904

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.