CVE-2026-43909 | AcademySoftwareFoundation OpenImageIO up to 3.0.18.0/3.1.13.0 DPX Image SwapRGBABytes out-of-bounds (GHSA-g267-j53j-5258)

A vulnerability was found in AcademySoftwareFoundation OpenImageIO up to 3.0.18.0/3.1.13.0. It has been declared as critical. Affected is the function SwapRGBABytes of the component DPX Image Handler. The manipulation results in out-of-bounds read.

This vulnerability was named CVE-2026-43909. The attack may be performed from remote. There is no available exploit.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More