CVE-2026-43904: CWE-787: Out-of-bounds Write in AcademySoftwareFoundation OpenImageIO
CVE-2026-43904 is a high-severity out-of-bounds write vulnerability in AcademySoftwareFoundation's OpenImageIO before versions 3. 0. 18. 0 and 3. 1. 13. 0. The issue occurs in the RLE decoding paths of softimageinput. cpp where run lengths are not properly clamped to the remaining scanline width, leading to a heap overflow of up to 65535 bytes when processing a crafted . pic file.
AI Analysis
Technical Summary
OpenImageIO versions prior to 3.0.18.0 and 3.1.13.0 contain an out-of-bounds write vulnerability (CWE-787) in the RLE decoding implementation within softimageinput.cpp. Specifically, the mixed RLE and pure RLE paths do not clamp the run length to the remaining scanline width before writing pixels, unlike the raw packet path which correctly clamps using std::min. This flaw allows a crafted .pic image file to trigger a heap overflow of up to 65535 bytes. The vulnerability is addressed by fixes included in OpenImageIO 3.0.18.0 and 3.1.13.0.
Potential Impact
Successful exploitation of this vulnerability can cause a heap overflow, potentially leading to memory corruption, application crashes, or arbitrary code execution within the context of the user running OpenImageIO. The CVSS 4.0 vector indicates local attack vector with low attack complexity but requires user interaction, and the vulnerability impacts confidentiality, integrity, and availability with high severity.
Mitigation Recommendations
This vulnerability is fixed in OpenImageIO versions 3.0.18.0 and 3.1.13.0. Users and administrators should upgrade affected OpenImageIO installations to at least these versions to remediate the issue. Patch status is not explicitly stated beyond the fixed versions, so verify with the vendor or official OpenImageIO release notes for confirmation. No additional vendor advisory content is provided.
CVE-2026-43904: CWE-787: Out-of-bounds Write in AcademySoftwareFoundation OpenImageIO
Description
CVE-2026-43904 is a high-severity out-of-bounds write vulnerability in AcademySoftwareFoundation's OpenImageIO before versions 3. 0. 18. 0 and 3. 1. 13. 0. The issue occurs in the RLE decoding paths of softimageinput. cpp where run lengths are not properly clamped to the remaining scanline width, leading to a heap overflow of up to 65535 bytes when processing a crafted . pic file.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
OpenImageIO versions prior to 3.0.18.0 and 3.1.13.0 contain an out-of-bounds write vulnerability (CWE-787) in the RLE decoding implementation within softimageinput.cpp. Specifically, the mixed RLE and pure RLE paths do not clamp the run length to the remaining scanline width before writing pixels, unlike the raw packet path which correctly clamps using std::min. This flaw allows a crafted .pic image file to trigger a heap overflow of up to 65535 bytes. The vulnerability is addressed by fixes included in OpenImageIO 3.0.18.0 and 3.1.13.0.
Potential Impact
Successful exploitation of this vulnerability can cause a heap overflow, potentially leading to memory corruption, application crashes, or arbitrary code execution within the context of the user running OpenImageIO. The CVSS 4.0 vector indicates local attack vector with low attack complexity but requires user interaction, and the vulnerability impacts confidentiality, integrity, and availability with high severity.
Mitigation Recommendations
This vulnerability is fixed in OpenImageIO versions 3.0.18.0 and 3.1.13.0. Users and administrators should upgrade affected OpenImageIO installations to at least these versions to remediate the issue. Patch status is not explicitly stated beyond the fixed versions, so verify with the vendor or official OpenImageIO release notes for confirmation. No additional vendor advisory content is provided.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-04T16:11:33.086Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a062489ec166c07b00b4bd3
Added to database: 5/14/2026, 7:37:45 PM
Last enriched: 5/14/2026, 7:52:31 PM
Last updated: 5/15/2026, 7:49:58 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.