Heap Overflow Vulnerability in OpenImageIO Affects Academy Software Foundation's Product
CVE-2024-55194

9.8CRITICAL

Key Information:

Vendor: Academy Software Foundation
Status: OpenImageIO
Vendor: CVE Published:; 23 January 2025

🔔 Create Academy Software Foundation Vulnerability Alert

What is CVE-2024-55194?

A heap overflow vulnerability has been identified in OpenImageIO, specifically in the fmath.h component. This flaw allows an attacker to potentially exploit memory management routines, leading to unintended behavior or potential code execution. Developers using affected versions should prioritize updating to secure their applications against possible exploitation.

References

https://github.com/AcademySoftwareFoundation/OpenImageIO/...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 23, 2025
Vulnerability Reserved
Dec 6, 2024

JSON