# OpenImageIO-3.1.13.1-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10752-1
Rating: moderate
Cross-References:

* CVE-2026-7582

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the OpenImageIO-3.1.13.1-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * OpenImageIO 3.1.13.1-2.1
  * OpenImageIO-devel 3.1.13.1-2.1
  * libOpenImageIO3_1 3.1.13.1-2.1
  * libOpenImageIO_Util3_1 3.1.13.1-2.1
  * python3-OpenImageIO 3.1.13.1-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-7582.html

LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name        : OpenImageIO
Product     : Fedora 44
Version     : 3.1.12.0
Release     : 2.fc44
URL         : https://openimageio.org/
Summary     : Library for reading and writing images
Description :
OpenImageIO is a library for reading and writing images, and a bunch of related classes, utilities, and applications. Main features include:
- Extremely simple but powerful ImageInput and ImageOutput APIs for reading and writing 2D images that are format agnostic.
- Format plugins for TIFF, JPEG/JFIF, OpenEXR, PNG, HDR/RGBE, Targa, JPEG-2000, DPX, Cineon, FITS, BMP, ICO, RMan Zfile, Softimage PIC, DDS, SGI, PNM/PPM/PGM/PBM.
- An ImageCache class that transparently manages a cache so that it can access truly vast amounts of image data.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds

Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
  oiiotool: Better type understanding with -i:ch= and other cleanup #5056
  texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal Lecocq) (3.1.12.0, 3.0.17.0)
  IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
  ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
  bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0, 3.0.17.0)
  heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64 #5095 (by Brecht Van Lommel)
  ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0, 3.0.17.0)
  jpeg: Improved safety and error reporting for jpeg and iptc #5081
  jpeg2000: Suppress leak when reading with OpenJPH #5098
  psd: Fixes against corrupt files with better validation #5089 (3.1.12.0, 3.0.17.0)
  rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
  tiff: Support GPS fields, and other metadata enhancements #5050
  tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of values passed to invert_photometric #5083, check for invalid bit depth in palette images #5091
  ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
  fix: Fix UB-sanitizer warning about alignment #5097
  fix: Catch exceptions in print-uncaught-messages destructor #5103
  fix: Enhanced exception safety for our use of OpenColorIO #5114
  fix: Fix possible fmt exceptions where we might have passed null string #5115
  build: Test building with clang 22.1, fix warnings uncovered #5067
  build: Improve security by pinning auto-build dependencies by hash #5076
  build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
  build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
  build(win): Embed manifest in OIIO executables to enable long path handling #5066 (by Nathan Rusch)
  ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
  ci: For security, replace workflow substitutions with safer env substitutions #5070
  ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
  ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0, 3.0.17.0)
  ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
  ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100 #5101 (3.1.12.0, 3.0.17.0)
  ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
  ci: Turn off nightly workflows for user forks #5042
  tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075 #5079 #5099 #5112
  docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
  docs: Fix formatting examples for version macros #5073
  docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
  docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0, 3.0.17.0)
  docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
  admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
  ci: Freetype adjustments #4999

Update to 5.1 (#2451401)
Update to 5.0 (#2447841)

--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla - 1:3.1.12.0-2
- Libraw rebuild
* Sat Apr 4 2026 Richard Shaw - 1:3.1.12.0-1
- Update to 3.1.12.0.

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2447841 - swayimg-.5.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2447841
  [ 2 ] Bug #2451401 - swayimg-5.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2451401
  [ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2454235
  [ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2454464
  [ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2455346
  [ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2456557

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202506-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: OpenImageIO: Multiple Vulnerabilities
      Date: June 12, 2025
      Bugs: #903807, #917679
        ID: 202506-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in OpenImageIO, the worst of which can lead to execution of arbitrary code.

Background
==========

OpenImageIO is a library for reading and writing images.

Affected packages
=================

Package                  Vulnerable    Unaffected
-----------------------  ------------  ------------
media-libs/openimageio   < 2.5.4.0     >= 2.5.4.0

Description
===========

Multiple vulnerabilities have been discovered in OpenImageIO. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenImageIO users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/openimageio-2.5.4.0"

References
==========

[ 1 ] CVE-2023-22845
      https://nvd.nist.gov/vuln/detail/CVE-2023-22845
[ 2 ] CVE-2023-24472
      https://nvd.nist.gov/vuln/detail/CVE-2023-24472
[ 3 ] CVE-2023-24473
      https://nvd.nist.gov/vuln/detail/CVE-2023-24473
[ 4 ] CVE-2023-36183
      https://nvd.nist.gov/vuln/detail/CVE-2023-36183
[ 5 ] CVE-2023-42295
      https://nvd.nist.gov/vuln/detail/CVE-2023-42295
[ 6 ] CVE-2023-42299
      https://nvd.nist.gov/vuln/detail/CVE-2023-42299

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/202506-09

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3518-1
-------------------------------------------------------------------------

Multiple security vulnerabilities have been discovered in OpenImageIO, a library for reading and writing images. Buffer overflows and out-of-bounds read and write programming errors may lead to a denial of service (application crash) or the execution of arbitrary code if a malformed image .
MGASA-2023-0151 - Updated openimageio packages fix security vulnerability

Publication date: 24 Apr 2023
URL: https://advisories.mageia.org/MGASA-2023-0151.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-36354, CVE-2022-38143, CVE-2022-41639, CVE-2022-41684, CVE-2022-41794, CVE-2022-41838, CVE-2022-41977, CVE-2022-41981, CVE-2022-41988, CVE-2022-41999, CVE-2022-43592, CVE-2022-43593, CVE-2022-43594, CVE-2022-43595, CVE-2022-43596, CVE-2022-43597, CVE-2022-43598, CVE-2022-43599, CVE-2022-43600, CVE-2022-43601, CVE-2022-43602, CVE-2022-43603, CVE-2023-22845, CVE-2023-24472, CVE-2023-24473

A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensitive information leak. (CVE-2022-36354)

A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to arbitrary out of bounds memory, which can lead to arbitrary code execution. (CVE-2022-38143)

A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary code execution. (CVE-2022-41639)

A heap out of bounds read vulnerability exists in the OpenImageIO master-branch-9aeece7a when parsing the image file directory part of a PSD image file. A specially-crafted .psd file can cause a read of arbitrary memory address which can lead to denial of service. (CVE-2022-41684)

A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. (CVE-2022-41794)

A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. (CVE-2022-41838)

An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A specially-crafted TIFF file can lead to information disclosure. (CVE-2022-41977)

A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead to out of bounds read and write on the process stack, which can lead to arbitrary code execution. (CVE-2022-41981)

An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. (CVE-2022-41988)

A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. (CVE-2022-41999)

An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. (CVE-2022-43592)

A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to null pointer dereference. (CVE-2022-43593)

Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. This vulnerability applies to writing .bmp files. (CVE-2022-43594)

Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. This vulnerability applies to writing .fits files. (CVE-2022-43595)

An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. (CVE-2022-43596)

Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. This vulnerability arises when the 'm_spec.format' is 'TypeDesc::UINT8'. (CVE-2022-43597)

Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. This vulnerability arises when the 'm_spec.format' is 'TypeDesc::UINT16'. (CVE-2022-43598)

Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. This vulnerability arises when the 'xmax' variable is set to 0xFFFF and 'm_spec.format' is 'TypeDesc::UINT8'. (CVE-2022-43599)

Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. This vulnerability arises when the 'xmax' variable is set to 0xFFFF and 'm_spec.format' is 'TypeDesc::UINT16'. (CVE-2022-43600)

Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. This vulnerability arises when the 'ymax' variable is set to 0xFFFF and 'm_spec.format' is 'TypeDesc::UINT16'. (CVE-2022-43601)

Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. This vulnerability arises when the 'ymax' variable is set to 0xFFFF and 'm_spec.format' is 'TypeDesc::UINT8'. (CVE-2022-43602)

A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to denial of service. (CVE-2022-43603)

An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. (CVE-2023-22845)

A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. (CVE-2023-24472)

An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. (CVE-2023-24473)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31364
- https://lists.fedoraproject.org/archives/list/
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5384-1
- -------------------------------------------------------------------------

Multiple security vulnerabilities have been discovered in OpenImageIO, a library for reading and writing images. Buffer overflows and out-of-bounds read and write programming errors may lead to a denial of service (application crash) or the execution of arbitrary code if a malformed image .
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3382-1
-------------------------------------------------------------------------

Multiple security vulnerabilities have been discovered in OpenImageIO, a library for reading and writing images. Buffer overflows and out-of-bounds read and write programming errors may lead to a denial of service (application crash) or the execution of arbitrary code if a malformed image .
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-e63bc3eca2
2022-12-31 01:16:00.044425
--------------------------------------------------------------------------------

Name        : OpenImageIO
Product     : Fedora 36
Version     : 2.3.21.0
Release     : 1.fc36
URL         : https://sites.google.com/site/openimageio/home
Summary     : Library for reading and writing images
Description :
OpenImageIO is a library for reading and writing images, and a bunch of related classes, utilities, and applications. Main features include:
- Extremely simple but powerful ImageInput and ImageOutput APIs for reading and writing 2D images that are format agnostic.
- Format plugins for TIFF, JPEG/JFIF, OpenEXR, PNG, HDR/RGBE, Targa, JPEG-2000, DPX, Cineon, FITS, BMP, ICO, RMan Zfile, Softimage PIC, DDS, SGI, PNM/PPM/PGM/PBM.
- An ImageCache class that transparently manages a cache so that it can access truly vast amounts of image data.

--------------------------------------------------------------------------------
Update Information:

* Update to 2.3.21.0.
* Security fix for CVE-2022-36354 CVE-2022-38143 CVE-2022-41639 CVE-2022-41684 CVE-2022-41794 CVE-2022-41838 CVE-2022-41977 CVE-2022-4198 CVE-2022-41988 CVE-2022-4199.

--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 22 2022 Richard Shaw - 2.3.21.0-1
- Update to 2.3.21.0.

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2139800 - CVE-2022-36354 CVE-2022-38143 CVE-2022-41639 CVE-2022-41684 CVE-2022-41794 CVE-2022-41838 CVE-2022-41977 CVE-2022-4198 CVE-2022-41988 CVE-2022-41999 OpenImageIO: Multiple Vulnerabilities [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2139800

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-e63bc3eca2' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------