Heap-based buffer overflow in oiio - CVE-2024-55194
Published: July 13, 2026
oiio
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a heap-based buffer overflow.
The vulnerability exists due to a heap-based buffer overflow in src/include/OpenImageIO/fmath.h when processing a corrupted or truncated pgm file. A remote attacker can supply a specially crafted pgm file to cause a heap-based buffer overflow.
The issue was observed while fuzzing oiiotool, including during use of the --autotrim and --printstats options.