Academy Software Foundation OpenImageIO Out-of-Bounds Write Vulnerability in DDS Image Handler

Vulnerability

An out-of-bounds write vulnerability has been identified in Academy Software Foundation OpenImageIO versions through 3.2.0.1-dev. The issue resides in the DDS Image Handler component, specifically in the file ddsinput.cpp. This vulnerability requires local exploitation.

Impact

Exploitation of this vulnerability leads to memory corruption, which commonly results in arbitrary code execution or a crash.

Reproduction

The vulnerability can be reproduced by having OpenImageIO's DDS image handler process a specially crafted DDS file that triggers the out-of-bounds write condition. The file can be supplied through the OpenImageIO command-line tools or loaded by a C++ or Python application that uses the OpenImageIO library. The trigger is the 'readimg' function of the DDSImageInput class, which does not properly validate image dimensions before processing, allowing the out-of-bounds write to occur.

Remediation

Users are advised to update to the patched version of OpenImageIO. The patch has been merged into the main branch and is available in the latest release.

Added: May 1, 2026, 2:20 PM
Updated: May 1, 2026, 2:20 PM

Vulnerability Rating

Custom Algorithm
spread: 4.2
impact: 0.6
exploitability: 5.6
remediation: 7.7
relevance: 7.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.