CVE-2026-43903: CWE-787: Out-of-bounds Write in AcademySoftwareFoundation OpenImageIO
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, sgiinput.cpp:265,274 use OIIO_DASSERT for bounds checking in the RLE decode loop. In release builds, OIIO_DASSERT compiles to ((void)sizeof(x)) (dassert.h:210), making all bounds checks no-ops. A crafted .sgi file with RLE count exceeding scanline width causes heap buffer overflow and crash. This vulnerability is fixed in 3.0.18.0 and 3.1.13.0.
AI Analysis
Technical Summary
The vulnerability in AcademySoftwareFoundation's OpenImageIO involves an out-of-bounds write (CWE-787) in the sgiinput.cpp file during RLE decoding. Specifically, bounds checks implemented with OIIO_DASSERT macros are disabled in release builds, making them ineffective. An attacker can craft a malicious .sgi image file with an RLE count larger than the scanline width, triggering a heap buffer overflow and causing the application to crash. The flaw affects OpenImageIO versions before 3.0.18.0 and versions from 3.1.4.0-beta up to but not including 3.1.13.0. The vulnerability has a CVSS 4.0 score of 8.4, indicating high severity. Fixes are available in versions 3.0.18.0 and 3.1.13.0.
Potential Impact
Successful exploitation of this vulnerability can cause a heap buffer overflow leading to application crashes. The CVSS vector indicates local attack vector with low complexity, no privileges required, but user interaction is needed. The vulnerability has high impact on confidentiality, integrity, and availability, suggesting potential for serious disruption or data compromise in affected environments.
Mitigation Recommendations
This vulnerability is fixed in OpenImageIO versions 3.0.18.0 and 3.1.13.0. Users should upgrade to these or later versions to remediate the issue. Patch status is not explicitly confirmed in the vendor advisory content provided, but the description states the issue is fixed in these versions. No additional mitigations are indicated.
CVE-2026-43903: CWE-787: Out-of-bounds Write in AcademySoftwareFoundation OpenImageIO
Description
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, sgiinput.cpp:265,274 use OIIO_DASSERT for bounds checking in the RLE decode loop. In release builds, OIIO_DASSERT compiles to ((void)sizeof(x)) (dassert.h:210), making all bounds checks no-ops. A crafted .sgi file with RLE count exceeding scanline width causes heap buffer overflow and crash. This vulnerability is fixed in 3.0.18.0 and 3.1.13.0.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in AcademySoftwareFoundation's OpenImageIO involves an out-of-bounds write (CWE-787) in the sgiinput.cpp file during RLE decoding. Specifically, bounds checks implemented with OIIO_DASSERT macros are disabled in release builds, making them ineffective. An attacker can craft a malicious .sgi image file with an RLE count larger than the scanline width, triggering a heap buffer overflow and causing the application to crash. The flaw affects OpenImageIO versions before 3.0.18.0 and versions from 3.1.4.0-beta up to but not including 3.1.13.0. The vulnerability has a CVSS 4.0 score of 8.4, indicating high severity. Fixes are available in versions 3.0.18.0 and 3.1.13.0.
Potential Impact
Successful exploitation of this vulnerability can cause a heap buffer overflow leading to application crashes. The CVSS vector indicates local attack vector with low complexity, no privileges required, but user interaction is needed. The vulnerability has high impact on confidentiality, integrity, and availability, suggesting potential for serious disruption or data compromise in affected environments.
Mitigation Recommendations
This vulnerability is fixed in OpenImageIO versions 3.0.18.0 and 3.1.13.0. Users should upgrade to these or later versions to remediate the issue. Patch status is not explicitly confirmed in the vendor advisory content provided, but the description states the issue is fixed in these versions. No additional mitigations are indicated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-04T16:11:33.086Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a062489ec166c07b00b4bd0
Added to database: 5/14/2026, 7:37:45 PM
Last enriched: 5/14/2026, 7:53:11 PM
Last updated: 5/15/2026, 7:48:46 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.