Stack-based buffer overflow in oiio - CVE-2026-59181
Published: July 13, 2026
oiio
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service or modify data.
The vulnerability exists due to stack-based buffer overflow in CineonInput::open() when parsing a crafted Cineon image file with an unchecked numberOfElements value. A remote attacker can trick the victim into opening a specially crafted .cin file to cause a denial of service or modify data.
User interaction is required to open a crafted file.