AcademySoftwareFoundation OpenImageIO
cpe:2.3:a:openimageio:openimageio:*:*:*:*:*:*:*
- 3.1.0.0dev
A heap overflow vulnerability has been identified in OpenImageIO version 3.1.0.0dev. The issue arises in the image processing component, specifically within the 'fmath.h' file, at line 983. This vulnerability was discovered during fuzz testing of the 'oiiotool' command-line utility, which is part of the OpenImageIO suite.
Triggering this vulnerability causes a heap-buffer overflow, a common type of memory corruption issue that can crash the program or be exploited to execute arbitrary code.
The vulnerability can be reproduced by compiling OpenImageIO with AddressSanitizer enabled, using compiler flags that aid debugging and memory error detection. After building the application, 'oiiotool' can be run with a crafted input that triggers the heap overflow while processing image data.
Users can update to the latest version of OpenImageIO, where this vulnerability has been addressed.
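One way to triage sanitizer output against this entry, given as an added example that is not part of the original advisory or of OpenImageIO: it parses an AddressSanitizer report and checks whether it is a heap-buffer-overflow with a stack frame at 'fmath.h' line 983. The sample report, its addresses, paths and function names are constructed placeholders.

```python
import re

# Constructed ASan report: addresses, paths and function names are placeholders.
# Only the error class and the fmath.h:983 location come from the advisory.
SAMPLE_REPORT = """\
==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000000f4 at pc 0x000000401a2b bp 0x7ffc00000010 sp 0x7ffc00000008
READ of size 4 at 0x6020000000f4 thread T0
    #0 0x401a2a in placeholder_pixel_op /build/placeholder/fmath.h:983:12
    #1 0x402b3c in placeholder_caller /build/placeholder/placeholder.cpp:120:5
    #2 0x403c4d in main /build/placeholder/placeholder_main.cpp:42:9
"""

HEADER = re.compile(r"==\d+==ERROR: AddressSanitizer: (?P<kind>[\w-]+)")
ACCESS = re.compile(r"^(?P<op>READ|WRITE) of size (?P<size>\d+)", re.M)
# Symbolized frame: "#N 0xADDR in FUNC PATH:LINE[:COL]"; FUNC may contain spaces.
FRAME = re.compile(
    r"^\s*#\d+ 0x[0-9a-f]+ in (?P<func>.+?) (?P<path>\S+?):(?P<line>\d+)(?::\d+)?\s*$",
    re.M,
)

def parse_asan(report):
    """Return error kind, access type/size and symbolized frames, or None."""
    head = HEADER.search(report)
    if head is None:
        return None  # clean run, or output without an ASan error
    access = ACCESS.search(report)
    frames = [
        (m["func"], m["path"].rsplit("/", 1)[-1], int(m["line"]))
        for m in FRAME.finditer(report)
    ]
    return {
        "kind": head["kind"],
        "op": access["op"] if access else None,
        "size": int(access["size"]) if access else None,
        "frames": frames,
    }

def matches_advisory(report, filename="fmath.h", line=983,
                     kind="heap-buffer-overflow"):
    """True if the report has the advisory's error class and source location."""
    info = parse_asan(report)
    if info is None or info["kind"] != kind:
        return False
    # Inlining can move the faulting line off frame #0, so check every frame.
    return any(f == filename and n == line for _, f, n in info["frames"])

if __name__ == "__main__":
    print(parse_asan(SAMPLE_REPORT), matches_advisory(SAMPLE_REPORT))
```

Running the same check on output from an updated build is a quick way to confirm the report no longer appears for a given regression input.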