#1135382 openimageio: CVE-2026-7582

Package: src:openimageio
Source: src:openimageio
Submitter: Salvatore Bonaccorso
Date: 2026-05-13 02:47:11 UTC
Severity: normal
Tags:

#1135382#5
Date: 2026-05-01 21:13:35 UTC
From:
To:

Hi,

The following vulnerability was published for openimageio.

CVE-2026-7582[0]:
| A vulnerability was detected in AcademySoftwareFoundation
| OpenImageIO up to 3.2.0.1-dev. This vulnerability affects unknown
| code of the file src/dds.imageio/ddsinput.cpp of the component DDS
| Image Handler. The manipulation results in out-of-bounds write. The
| attack needs to be approached locally. The exploit is now public and
| may be used. The patch is identified as
| 94ec2deec3e3bf2f2e2ff84d008e27425d626fe2. Applying a patch is
| advised to resolve this issue.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-7582
https://www.cve.org/CVERecord?id=CVE-2026-7582
[1] https://github.com/AcademySoftwareFoundation/OpenImageIO/pull/5131
[2] https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/94ec2deec3e3bf2f2e2ff84d008e27425d626fe2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore