Primary

Context

OpenImageIO Segmentation Violation Vulnerability in String View Component

Vulnerability

A segmentation violation vulnerability has been identified in OpenImageIO version 3.1.0.0dev. The issue arises in the string_view component, specifically at line 262 of the header file. This vulnerability was discovered during fuzz testing of the 'iconvert' tool, which is part of the OpenImageIO suite.

Impact

Exploitation of this vulnerability leads to a segmentation fault, causing a denial of service by crashing the application.

Reproduction

The vulnerability can be reproduced by compiling OpenImageIO with AddressSanitizer enabled, using specific compiler flags to optimize debugging and memory error detection. After building the application, the 'iconvert' tool can be run with parameters that trigger the vulnerability, such as processing an image file that causes the application to read memory incorrectly, leading to a segmentation fault.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OpenImageIO Segmentation Violation Vulnerability in String View Component

Vulnerability

Impact

Reproduction

Affected Products

AcademySoftwareFoundation OpenImageIO

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating