Heap Overflow Vulnerability in OpenImageIO by Academy Software Foundation
CVE-2024-55192

9.8 CRITICAL

Key Information:

Vendor
CVE Published: 23 January 2025

What is CVE-2024-55192?

A vulnerability has been identified in OpenImageIO version 3.1.0.0dev that may allow an attacker to trigger a heap overflow through the Fetch64 function. The issue arises from improper handling of inputs and can potentially lead to arbitrary code execution or crashes. Users of OpenImageIO should apply best practices when managing image processing libraries to mitigate the associated risks.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
