CVE-2026-43908 | AcademySoftwareFoundation OpenImageIO up to 3.0.18.0/3.1.13.0 ConvertCbYCrYToRGB integer overflow (GHSA-2jr5-q49v-3858)

A vulnerability labeled as critical has been found in AcademySoftwareFoundation OpenImageIO up to 3.0.18.0/3.1.13.0. This vulnerability affects the function ConvertCbYCrYToRGB. Executing a manipulation can lead to integer overflow.

This vulnerability is tracked as CVE-2026-43908. The attack can be launched remotely. No exploit exists.

The affected component should be upgraded.VulDB Recent EntriesRead More