CVE-2026-43906 | AcademySoftwareFoundation OpenImageIO up to 3.0.18.0/3.1.13.0 HEIF Decoder heap-based overflow (GHSA-gmrp-x952-3m66)

A vulnerability classified as critical was found in AcademySoftwareFoundation OpenImageIO up to 3.0.18.0/3.1.13.0. This issue affects some unknown processing of the component HEIF Decoder. The manipulation results in heap-based buffer overflow.

This vulnerability is reported as CVE-2026-43906. The attack can be launched remotely. No exploit exists.

Upgrading the affected component is advised.VulDB Recent EntriesRead More