Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 544
Alerts This Week
Warning Icon 1 544

Ubuntu OpenImageIO Significant Denial Of Service Security Flaws USN-8438-1

ubuntu
Calendar Grey June 16, 2026
Scroller Ubuntu Esm H88
Security advisory for Ubuntu OpenImageIO addresses critical issues and provides essential updates to ensure system integrity.
Several security issues were fixed in OpenImageIO.

Summary

Several security issues were fixed in OpenImageIO.

Software Description:

- openimageio: Library for reading and writing images

Details:

It was discovered that OpenImageIO incorrectly performed bounds

checking when processing SGI files. An attacker could possibly

use this issue to cause a denial of service or execute arbitrary

code. (CVE-2026-43903)

It was discovered that OpenImageIO incorrectly handled run-length

encoding when processing Softimage PIC files. An attacker

could possibly use this issue to cause a denial of service or

execute arbitrary code. (CVE-2026-43904)

It was discovered that OpenImageIO incorrectly validated subimage

metadata when processing HEIF files. An attacker could

possibly use this issue to cause a denial of service or execute

arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu

24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-43906)

It was discovered that OpenImageIO contained multiple integer

overflow vulnerabilities when processing DPX files...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  libopenimageio-dev              2.5.19.1+dfsg-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  libopenimageio2.5               2.5.19.1+dfsg-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  openimageio-tools               2.5.19.1+dfsg-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  python3-openimageio             2.5.19.1+dfsg-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 24.04 LTS
  libopenimageio-dev              2.4.17.0+dfsg-1.1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  libopenimageio2.4t64            2.4.17.0+dfsg-1.1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  openimageio-tools               2.4.17.0+dfsg-1.1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  python3-openimageio             2.4.17.0+dfsg-1.1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  libopenimageio-dev              2.1.12.0~dfsg0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  libopenimageio2.1               2.1.12.0~dfsg0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  openimageio-tools               2.1.12.0~dfsg0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  python3-openimageio             2.1.12.0~dfsg0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libopenimageio-dev              1.7.17~dfsg0-1ubuntu2+esm1
                                  Available with Ubuntu Pro
  libopenimageio1.7               1.7.17~dfsg0-1ubuntu2+esm1
                                  Available with Ubuntu Pro
  openimageio-tools               1.7.17~dfsg0-1ubuntu2+esm1
                                  Available with Ubuntu Pro
  python-openimageio              1.7.17~dfsg0-1ubuntu2+esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libopenimageio-dev              1.6.11~dfsg0-1ubuntu1+esm2
                                  Available with Ubuntu Pro
  libopenimageio1.6               1.6.11~dfsg0-1ubuntu1+esm2
                                  Available with Ubuntu Pro
  openimageio-tools               1.6.11~dfsg0-1ubuntu1+esm2
                                  Available with Ubuntu Pro
  python-openimageio              1.6.11~dfsg0-1ubuntu1+esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8438-1

CVE-2026-43903, CVE-2026-43904, CVE-2026-43906, CVE-2026-43907,

CVE-2026-43908, CVE-2026-43909

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8438-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.