Uncontrolled Recursion in oiio - CVE-2026-59156
Published: July 13, 2026
oiio
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to uncontrolled recursion in FitsInput::read_fits_header() in src/fits.imageio/fitsinput.cpp when parsing a crafted FITS file header that lacks the mandatory END keyword. A remote attacker can trick the victim into opening a crafted file to cause a denial of service.
User interaction is required to open the crafted FITS file.