CVE-2026-43996 | AcademySoftwareFoundation OpenImageIO up to 3.0.18.0/3.1.13.0 TGAInput::decode_pixel out-of-bounds (GHSA-mq8j-73c4-cr55)

A vulnerability described as problematic has been identified in AcademySoftwareFoundation OpenImageIO up to 3.0.18.0/3.1.13.0. Impacted is the function TGAInput::decode_pixel. The manipulation results in out-of-bounds read.

This vulnerability is cataloged as CVE-2026-43996. The attack may be launched remotely. There is no exploit available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More