Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Fedora 44 OpenImageIO Denial of Service Vulnerability CVE-2026-5318

fedora
Calendar Grey April 13, 2026
Dist Fedora Esm H88
Update for OpenImageIO in Fedora 44 addresses critical images library issues related to security and performance.
LibRaw 0.22.1 and rebuilds Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0 oiiotool: Better type understanding with -i:ch= and other cleanup #5056 texture: Fix texture overb...

Summary

OpenImageIO is a library for reading and writing images, and a bunch of related

classes, utilities, and applications. Main features include:

- Extremely simple but powerful ImageInput and ImageOutput APIs for reading and

writing 2D images that is format agnostic.

- Format plugins for TIFF, JPEG/JFIF, OpenEXR, PNG, HDR/RGBE, Targa, JPEG-2000,

DPX, Cineon, FITS, BMP, ICO, RMan Zfile, Softimage PIC, DDS, SGI,

PNM/PPM/PGM/PBM.

- An ImageCache class that transparently manages a cache so that it can access

truly vast amounts of image data.

Update Information:

LibRaw 0.22.1 and rebuilds Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0 oiiotool: Better type understanding with -i:ch= and other cleanup #5056 texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal Lecocq) (3.1.12.0, 3.0.17.0) IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0) ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0) bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0, 3.0.17.0) heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64 #5095 (by Brecht Van Lommel) ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0, 3.0.17.0) jpeg: Improved safety and error reporting for jpeg and iptc #5081 jpeg2000: Suppress leak when reading with OpenJPH #5098 psd: Fixes against corrupt files with better validation #5089 (3.1.12.0, 3.0.17.0) rla: Lots of additional validity checking and safety #5094 (3.1.12.0,...

Topics%20covered

Topics Covered

security advisory denial of service fedora image processing library openimageio

Change Log

* Wed Apr 8 2026 Gwyn Ciesla - 1:3.1.12.0-2 - Libraw rebuild * Sat Apr 4 2026 Richard Shaw - 1:3.1.12.0-1 - Update to 3.1.12.0.

References


[ 1 ] Bug #2447841 - swayimg-.5.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2447841 [ 2 ] Bug #2451401 - swayimg-5.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2451401 [ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454235 [ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454464 [ 5 ] Bug #2455346 - LibRaw-0.22.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2455346 [ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456557

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: OpenImageIO
Product: Fedora 44
Version: 3.1.12.0
Release: 2.fc44
URL: https://openimageio.org/
Summary: Library for reading and writing images

Topics%20covered

Topics Covered

security advisory denial of service fedora image processing library openimageio

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here