Out-of-bounds read in oiio - CVE-2026-50291
Published: July 13, 2026
oiio
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to out-of-bounds read in BmpInput::read_native_scanline when parsing a crafted BMP file. A remote attacker can trick the victim into opening a crafted file to cause a denial of service.
User interaction is required to process the crafted BMP file.