Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
File-parsing flaw triggered by opening a crafted LUT, so AV:L and UI:R with PR:N; the stack overflow can yield full local process compromise, giving C/I/A:H.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, FileFormatSpi3D.cpp:163 uses sscanf with %s into 64-byte stack buffers when parsing LUT data lines. Input comes from lineBuffer[4096], so a crafted .spi3d file can overflow by ~4000 bytes on non-Windows. Version 2.5.2 fixes the issue.
AnalysisAI
Stack buffer overflow in OpenColorIO's .spi3d LUT parser allows a crafted color-lookup file to corrupt memory in any application that loads it. The flaw in FileFormatSpi3D.cpp reads attacker-controlled data from a 4096-byte line into 64-byte stack buffers via unbounded sscanf %s, permitting an overflow of roughly 4000 bytes on non-Windows platforms. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the victim to load a crafted .spi3d LUT file through OpenColorIO's file parser on a non-Windows platform (the description states the overflow occurs on non-Windows; Windows is noted as not affected by this overflow). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H, base 8.4) characterizes this as a local, low-complexity, unauthenticated issue that requires victim interaction (UI:A) - i.e., the attacker does not need an account, but a user or pipeline must open/process the malicious .spi3d file, which is the dominant limiting factor. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a malicious .spi3d LUT file with an overly long data token and distributes it through a shared VFX asset library, project deliverable, or downloaded look pack. When an artist or an automated render pipeline opens the file in an OCIO-backed application on Linux or macOS, the oversized token overflows a 64-byte stack buffer by roughly 4000 bytes, corrupting the stack and potentially leading to crash or code execution in the host process. … |
| Remediation | Vendor-released patch: OpenColorIO 2.5.2, which is ABI compatible with 2.5.1 and fixes the issue via PR #2307 ('Improve LUT loading checks'); upgrade to v2.5.2 or rebuild/relink any application that embeds OCIO against this version (https://github.com/AcademySoftwareFoundation/OpenColorIO/releases/tag/v2.5.2, advisory GHSA-rxp3-rrgx-f547). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all systems running OpenColorIO prior to version 2.5.2 and restrict user ability to load color lookup files from untrusted sources. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allVendor StatusVendor
SUSE
Severity: Moderate| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38769