Out-of-bounds read in oiio - CVE-2026-59956
Published: July 13, 2026
oiio
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information and cause a denial of service.
The vulnerability exists due to out-of-bounds read in IffInput::readimg() when parsing an uncompressed 16-bit IFF image with the ZBUFFER flag set. A remote attacker can trick the victim into opening a crafted IFF file to disclose sensitive information and cause a denial of service.
No configuration prerequisite is required because the IFF plugin is built and loaded by default.