Academy Software Foundation OpenColorIO Out-of-Bounds Read Vulnerability in FileRules.cpp
Vulnerability
A vulnerability allowing out-of-bounds read has been identified in Academy Software Foundation OpenColorIO versions prior to 2.5.0. The issue arises in the function ConvertToRegularExpression in the file src/OpenColorIO/FileRules.cpp. The flaw is a heap-use-after-free: the application attempts to read a string from a memory region that has just been freed, potentially leading to memory corruption. The vulnerability can be exploited locally, and a public exploit is available.
Impact
Exploitation of this vulnerability causes a heap-use-after-free condition, leading to a memory access violation. This type of vulnerability can often be exploited to perform arbitrary memory operations, which may result in memory corruption or a crash, disrupting the application's normal operation.
Reproduction
The vulnerability can be reproduced by compiling the OpenColorIO test harness with AddressSanitizer enabled and then running the harness with a specific input that triggers the vulnerability. AddressSanitizer then reports the heap-use-after-free error, confirming that the vulnerability was triggered.
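The following Python script is an added example, not code from this advisory or from the OpenColorIO project: it parses an AddressSanitizer report and checks whether the faulting read matches the function and file named above, which helps when sorting fuzzing or CI crashes against this known issue. The sample report is constructed; its addresses, line numbers, namespace, elided argument lists and harness name are assumptions.

```python
import re

# Constructed ASan report: addresses, line numbers, namespace and harness name
# are made up for illustration; argument lists are elided as "(...)".
SAMPLE_REPORT = """\
==4242==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000000010 at pc 0x000000500000 bp 0x7ffc00000000 sp 0x7ffc00000008
READ of size 1 at 0x603000000010 thread T0
    #0 0x500000 in OpenColorIO::ConvertToRegularExpression(...) src/OpenColorIO/FileRules.cpp:1:1
    #1 0x500100 in main harness.cpp:1:1
0x603000000010 is located 0 bytes inside of 32-byte region [0x603000000010,0x603000000030)
freed by thread T0 here:
    #0 0x4f0000 in operator delete(void*) asan_new_delete.cpp:1
    #1 0x500050 in OpenColorIO::ConvertToRegularExpression(...) src/OpenColorIO/FileRules.cpp:1:1
previously allocated by thread T0 here:
    #0 0x4e0000 in operator new(unsigned long) asan_new_delete.cpp:1
SUMMARY: AddressSanitizer: heap-use-after-free src/OpenColorIO/FileRules.cpp:1:1 in OpenColorIO::ConvertToRegularExpression(...)
"""

ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (\S+) on address")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+)", re.M)
FRAME_RE = re.compile(r"^\s+#(\d+) 0x[0-9a-f]+ in (.+?) (\S+)$")

def parse_asan(report):
    """Return the error type, access kind and one (function, location) list per stack."""
    out = {"stacks": {}}
    m = ERROR_RE.search(report)
    out["error"] = m.group(1) if m else None
    m = ACCESS_RE.search(report)
    out["access"] = m.group(1) if m else None
    section = None
    for line in report.splitlines():
        if ACCESS_RE.match(line): section = "access"
        elif line.startswith("freed by"): section = "freed"
        elif line.startswith("previously allocated by"): section = "allocated"
        f = FRAME_RE.match(line)
        if f and section:
            out["stacks"].setdefault(section, []).append((f.group(2), f.group(3)))
    return out

def matches_advisory(report, depth=3):
    """True for a heap-use-after-free READ reached through ConvertToRegularExpression
    in FileRules.cpp. depth > 1 tolerates library frames above the named function."""
    r = parse_asan(report)
    top = r["stacks"].get("access", [])[:depth]
    hit = any("ConvertToRegularExpression" in fn and loc.split(":")[0].endswith("FileRules.cpp")
              for fn, loc in top)
    return r["error"] == "heap-use-after-free" and r["access"] == "READ" and hit
```

A match only says the crash fits the location this advisory describes; the "freed" stack in the parsed result shows where the memory was released and is the place to start root-cause analysis.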
Remediation
Users are advised to upgrade to OpenColorIO version 2.5.1, where this vulnerability has been fixed.
