CVE-2026-7582: Out-of-bounds Write in AcademySoftwareFoundation OpenImageIO
A vulnerability was detected in AcademySoftwareFoundation OpenImageIO up to 3.2.0.1-dev. This vulnerability affects unknown code of the file src/dds.imageio/ddsinput.cpp of the component DDS Image Handler. The manipulation results in out-of-bounds write. The attack needs to be approached locally. The exploit is now public and may be used. The patch is identified as 94ec2deec3e3bf2f2e2ff84d008e27425d626fe2. Applying a patch is advised to resolve this issue.
AI Analysis
Technical Summary
This vulnerability involves an out-of-bounds write in the DDS Image Handler component of OpenImageIO up to version 3.2.0.1-dev, specifically in the src/dds.imageio/ddsinput.cpp file. The vulnerability requires local access and low privileges to exploit and does not require user interaction. The CVSS 4.0 vector indicates low attack complexity and limited scope impact. A patch is available, identified by commit 94ec2deec3e3bf2f2e2ff84d008e27425d626fe2. OpenImageIO is offered as a cloud service, and remediation is typically managed by the vendor.
Potential Impact
Successful exploitation results in an out-of-bounds write, which could lead to data corruption or potential code execution within the local environment. The attack requires local access with low privileges, limiting the attack surface. No known active exploitation in the wild has been reported. The impact is rated medium with a CVSS score of 4.8.
Mitigation Recommendations
A patch addressing this vulnerability is available (commit 94ec2deec3e3bf2f2e2ff84d008e27425d626fe2). Since OpenImageIO is a cloud-hosted service, the vendor typically manages remediation server-side. Users should consult the vendor advisory to confirm that the patch has been applied and no further action is required. If self-hosting, apply the patch promptly to mitigate the vulnerability.
CVE-2026-7582: Out-of-bounds Write in AcademySoftwareFoundation OpenImageIO
Description
A vulnerability was detected in AcademySoftwareFoundation OpenImageIO up to 3.2.0.1-dev. This vulnerability affects unknown code of the file src/dds.imageio/ddsinput.cpp of the component DDS Image Handler. The manipulation results in out-of-bounds write. The attack needs to be approached locally. The exploit is now public and may be used. The patch is identified as 94ec2deec3e3bf2f2e2ff84d008e27425d626fe2. Applying a patch is advised to resolve this issue.
CVSS v4.0
Score 4.8medium
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves an out-of-bounds write in the DDS Image Handler component of OpenImageIO up to version 3.2.0.1-dev, specifically in the src/dds.imageio/ddsinput.cpp file. The vulnerability requires local access and low privileges to exploit and does not require user interaction. The CVSS 4.0 vector indicates low attack complexity and limited scope impact. A patch is available, identified by commit 94ec2deec3e3bf2f2e2ff84d008e27425d626fe2. OpenImageIO is offered as a cloud service, and remediation is typically managed by the vendor.
Potential Impact
Successful exploitation results in an out-of-bounds write, which could lead to data corruption or potential code execution within the local environment. The attack requires local access with low privileges, limiting the attack surface. No known active exploitation in the wild has been reported. The impact is rated medium with a CVSS score of 4.8.
Mitigation Recommendations
A patch addressing this vulnerability is available (commit 94ec2deec3e3bf2f2e2ff84d008e27425d626fe2). Since OpenImageIO is a cloud-hosted service, the vendor typically manages remediation server-side. Users should consult the vendor advisory to confirm that the patch has been applied and no further action is required. If self-hosting, apply the patch promptly to mitigate the vulnerability.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-05-01T07:00:25.609Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
- Is Cloud Service
- true
Threat ID: 69f4b73ecbff5d8610ec598b
Added to database: 5/1/2026, 2:22:54 PM
Last enriched: 5/9/2026, 2:11:22 AM
Last updated: 6/15/2026, 4:52:30 PM
Views: 68
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.