CNNVD-202601-1788 Information
CNNVD ID
CNNVD-202601-1788
Related CVE
- CNNVD Published: 2026-01-11
Description (Chinese)
OpenColorIO是Academy Software Foundation开源的一个用于视觉效果和动画的颜色管理框架。 OpenColorIO 2.5.0及之前版本存在缓冲区错误漏洞,该漏洞源于对文件src/OpenColorIO/FileRules.cpp的错误操作,可能导致越界读取。
Description (English)
OpenColorIO is an open-source colour management framework for visual effects and animation. OpenColorIO 2.5.0 and previous versions had an error loophole in the buffer zone, which stemmed from a mishandling of document src/OpenColorIO/FileRules.cpp, which could lead to cross-border reading.
Hazard Level
Critical
Vulnerability Type
缓冲区错误
Affected Vendor
Academy Software Foundation
Published
2026-01-11
Last Modified
2026-02-24
References
https://github.com/AcademySoftwareFoundation/OpenColorIO/issues/2228 https://github.com/AcademySoftwareFoundation/OpenColorIO/milestone/11 https://github.com/AcademySoftwareFoundation/OpenColorIO/pull/2231 https://github.com/cozdas/OpenColorIO/commit/ebdbb75123c9d5f4643e041314e2bc988a13f20d https://github.com/oneafter/1225/blob/main/uaf https://vuldb.com/?ctiid.340444 https://vuldb.com/?id.340444 https://vuldb.com/?submit.733332