CVE-2026-43909: CWE-125: Out-of-bounds Read in AcademySoftwareFoundation OpenImageIO
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the loop index expression i * 4 inside SwapRGBABytes() causes the function to compute a large negative pointer offset when processing kABGR DPX images with large dimensions. The immediate crash is an out-of-bounds read (the memcpy at line 45 reads from &input[i * 4] first), but the subsequent write operations at lines 46–49 target the same wrapped offset — making this a combined OOB read+write primitive. This vulnerability is fixed in 3.0.18.0 and 3.1.13.0.
AI Analysis
Technical Summary
OpenImageIO versions before 3.0.18.0 and between 3.1.4.0-beta and 3.1.13.0 contain a vulnerability in the SwapRGBABytes() function where a signed 32-bit integer overflow in the loop index expression (i * 4) results in a large negative pointer offset. This causes an out-of-bounds read via memcpy and subsequent out-of-bounds writes to the same wrapped offset when processing kABGR DPX images with large dimensions. This combined out-of-bounds read and write can lead to memory corruption. The vulnerability is addressed in versions 3.0.18.0 and 3.1.13.0.
Potential Impact
The vulnerability allows an attacker to cause out-of-bounds memory reads and writes, which can lead to application crashes and potentially arbitrary code execution. The CVSS score of 8.8 reflects high impact on confidentiality, integrity, and availability. There are no known exploits in the wild at this time.
Mitigation Recommendations
This vulnerability is fixed in OpenImageIO versions 3.0.18.0 and 3.1.13.0. Users should upgrade to these or later versions to remediate the issue. Patch status is not explicitly confirmed beyond the fixed versions, so verify with the vendor advisory for the latest remediation guidance.
CVE-2026-43909: CWE-125: Out-of-bounds Read in AcademySoftwareFoundation OpenImageIO
Description
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the loop index expression i * 4 inside SwapRGBABytes() causes the function to compute a large negative pointer offset when processing kABGR DPX images with large dimensions. The immediate crash is an out-of-bounds read (the memcpy at line 45 reads from &input[i * 4] first), but the subsequent write operations at lines 46–49 target the same wrapped offset — making this a combined OOB read+write primitive. This vulnerability is fixed in 3.0.18.0 and 3.1.13.0.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
OpenImageIO versions before 3.0.18.0 and between 3.1.4.0-beta and 3.1.13.0 contain a vulnerability in the SwapRGBABytes() function where a signed 32-bit integer overflow in the loop index expression (i * 4) results in a large negative pointer offset. This causes an out-of-bounds read via memcpy and subsequent out-of-bounds writes to the same wrapped offset when processing kABGR DPX images with large dimensions. This combined out-of-bounds read and write can lead to memory corruption. The vulnerability is addressed in versions 3.0.18.0 and 3.1.13.0.
Potential Impact
The vulnerability allows an attacker to cause out-of-bounds memory reads and writes, which can lead to application crashes and potentially arbitrary code execution. The CVSS score of 8.8 reflects high impact on confidentiality, integrity, and availability. There are no known exploits in the wild at this time.
Mitigation Recommendations
This vulnerability is fixed in OpenImageIO versions 3.0.18.0 and 3.1.13.0. Users should upgrade to these or later versions to remediate the issue. Patch status is not explicitly confirmed beyond the fixed versions, so verify with the vendor advisory for the latest remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-04T16:11:33.086Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a06248cec166c07b00b4c66
Added to database: 5/14/2026, 7:37:48 PM
Last enriched: 5/14/2026, 7:51:48 PM
Last updated: 5/15/2026, 6:29:17 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.