It was discovered that OpenImageIO incorrectly performed bounds checking when processing SGI files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-43903) It was discovered that OpenImageIO incorrectly handled run-length encoding when processing Softimage PIC files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-43904) It was discovered that OpenImageIO incorrectly validated subimage metadata when processing HEIF files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-43906) It was discovered that OpenImageIO contained multiple integer overflow vulnerabilities when processing DPX files. An attacker could possibly use these issues to cause a denial of service or execute arbitrary code. (CVE-2026-43907, CVE-2026-43908, CVE-2026-43909)
Continue reading...
Continue reading...
