Skip to main content

OpenImageIO EUVDEUVD-2026-26532

| CVE-2026-7582 LOW
Buffer Overflow (CWE-119)
2026-05-01 cna@vuldb.com
1.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

6
PoC Detected
May 01, 2026 - 15:26 vuln.today
Public exploit code
Source Code Evidence Fetched
May 01, 2026 - 14:30 vuln.today
Analysis Generated
May 01, 2026 - 14:30 vuln.today
EUVD ID Assigned
May 01, 2026 - 14:22 euvd
EUVD-2026-26532
Analysis Generated
May 01, 2026 - 14:22 vuln.today
CVE Published
May 01, 2026 - 14:16 nvd
LOW 1.9

DescriptionCVE.org

A vulnerability was detected in AcademySoftwareFoundation OpenImageIO up to 3.2.0.1-dev. This vulnerability affects unknown code of the file src/dds.imageio/ddsinput.cpp of the component DDS Image Handler. The manipulation results in out-of-bounds write. The attack needs to be approached locally. The exploit is now public and may be used. The patch is identified as 94ec2deec3e3bf2f2e2ff84d008e27425d626fe2. Applying a patch is advised to resolve this issue.

AnalysisAI

Out-of-bounds write in AcademySoftwareFoundation OpenImageIO up to version 3.2.0.1-dev occurs in the DDS Image Handler (ddsinput.cpp) when processing specially crafted DDS image files. A local attacker with limited privileges can trigger the vulnerability by opening a malicious DDS file, potentially causing memory corruption and denial of service. Publicly available exploit code exists, though the CVSS score of 1.9 reflects low impact scope and limited privileges required.

Technical ContextAI

OpenImageIO is an image processing library used for reading and writing various image formats. The vulnerability resides in the DDS (DirectDraw Surface) image input handler, specifically in the internal_readimg and internal_seek_subimage functions of src/dds.imageio/ddsinput.cpp. The root cause (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer) stems from insufficient bounds checking when processing DDS image dimensions. The patch converts dimension parameters from signed integers (int) to unsigned integers (size_t) and adds explicit validation checks that compare proposed image dimensions against maximum safe limits (32768x32768 for 2D textures, 16384x16384 for cube maps, 4096x4096x4096 for volume textures). This prevents integer underflow and subsequent out-of-bounds memory writes in pixel processing loops.

RemediationAI

Apply the upstream patch immediately by updating to a patched release version of OpenImageIO or by cherry-picking commit 94ec2deec3e3bf2f2e2ff84d008e27425d626fe2 or later. The patch is available at https://github.com/AcademySoftwareFoundation/OpenImageIO/pull/5131. For organizations unable to patch immediately, implement process-level isolation by running OpenImageIO in sandboxed or containerized environments with restricted resource limits and memory protections enabled (e.g., Address Space Layout Randomization, stack canaries). Restrict DDS file processing to trusted sources only and implement application-level validation of DDS image dimensions before passing to OpenImageIO-reject files declaring dimensions exceeding 32768x32768 for 2D textures, 16384x16384 for cube maps, or 4096x4096x4096 for volume textures. Monitor process execution for crashes or segmentation faults when processing DDS files as a detection mechanism for exploitation attempts. Note that sandboxing adds computational overhead and may impact batch processing throughput; resource validation adds CPU overhead proportional to file count but is the most compatible workaround.

Share

EUVD-2026-26532 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy