CVE-2026-43904
Severity CVSS v4.0:
HIGH
Type:
CWE-787
Out-of-bounds Write
Publication date:
14/05/2026
Last modified:
16/05/2026
Description
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 (mixed RLE) and :345 (pure RLE) do not clamp the run length to remaining scanline width before writing pixels. The raw packet path (line 403) correctly clamps with std::min, but RLE paths skip this check. A crafted .pic file causes heap overflow up to 65535 bytes. This vulnerability is fixed in 3.0.18.0 and 3.1.13.0.
Impact
Base Score 4.0
8.40
Severity 4.0
HIGH
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:openimageio:openimageio:*:*:*:*:*:*:*:* | 3.0.18.0 (excluding) | |
| cpe:2.3:a:openimageio:openimageio:*:*:*:*:*:*:*:* | 3.1.4.0 (including) | 3.1.13.0 (excluding) |
To consult the complete list of CPE names with products and versions, see this page



