OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h.
The vulnerability consists of a heap buffer overflow in the header file /OpenImageIO/fmath.h — classified as CWE-787 (out-of-bounds write) and CWE-120 (lack of size validation during copying). An attacker can provide specially crafted input data that causes an overflow beyond the boundaries of allocated heap memory. The attack vector is network-based, requires no authentication or user interaction, which significantly increases its accessibility to potential attackers.
Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code remotely (RCE), as well as compromise the confidentiality, integrity, and availability of the system in full scope.
Patches available from the vendor should be applied in accordance with the references. It is recommended to monitor the project repository on GitHub at the address specified in the references and update to a version containing the fix after it is released.
OpenImageIO version v3.1.0.0dev
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOpenimageio
APPOpenimageio3.1.0.0
Related vulnerabilities
Naruszenie segmentacji (segfault) w OpenImageIO przez komponent string_view.h
Heap overflow w OpenImageIO poprzez komponent Fetch64
Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary cod...
A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO ma...
A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP ima...