CVE-2026-42450
Heap-based Buffer Overflow in OpenColorIO LUT Parser

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: GitHub, Inc.

Description
OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, `FileFormatSpi3D.cpp:163` uses `sscanf` with `%s` into 64-byte stack buffers when parsing LUT data lines. Input comes from `lineBuffer[4096]`, so a crafted .spi3d file can overflow by ~4000 bytes on non-Windows. Version 2.5.2 fixes the issue.
Affected Vendors & Products

Vendor                      Product       Version / Range
opencolorio                 opencolorio   up to 2.5.2 (excluding)
academysoftwarefoundation   opencolorio   up to 2.5.2 (excluding)
CWE
CWE ID    Description
CWE-120   The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Impact Analysis

This vulnerability can lead to a stack buffer overflow, which may allow an attacker to execute arbitrary code on the affected system.

Such arbitrary code execution can compromise the confidentiality, integrity, and availability of the system running OpenColorIO.

Because the overflow occurs when parsing maliciously crafted LUT files, an attacker could exploit this by providing specially designed .spi3d files.

Executive Summary

CVE-2026-42450 is a stack buffer overflow vulnerability in the OpenColorIO library, specifically in the Spi3D (.spi3d) LUT parser.

The issue occurs in the FileFormatSpi3D.cpp file at line 163, where the code uses an unbounded sscanf with the %s format specifier to read string values into 64-byte stack buffers.

Since the input comes from a 4096-byte buffer, a maliciously crafted .spi3d file can overflow the stack buffer by approximately 4000 bytes on non-Windows systems.

This overflow can lead to arbitrary code execution.

The vulnerability affects OpenColorIO versions 2.5.1 and earlier and was fixed in version 2.5.2 by limiting the sscanf input to 63 bytes.

Detection Guidance

This vulnerability is triggered by parsing maliciously crafted .spi3d files that cause a stack buffer overflow in OpenColorIO versions prior to 2.5.2.

Detection can involve monitoring for the presence or use of vulnerable OpenColorIO versions (<= 2.5.1) and scanning for suspicious or unusually large .spi3d files that might exploit the sscanf buffer overflow.

Since the vulnerability occurs during parsing of LUT data lines in .spi3d files, commands to detect vulnerable versions or suspicious files might include:

  • Check OpenColorIO version installed: `opencolorio --version` or check package manager versions.
  • Search for .spi3d files in your system or project directories: `find /path/to/search -name '*.spi3d'`
  • Inspect .spi3d files for unusually long lines or suspicious content that could trigger buffer overflow, e.g., `grep -E '.{64,}' suspicious.spi3d` to find lines longer than 63 characters.
  • Monitor application logs or crashes related to OpenColorIO when loading LUT files, which might indicate exploitation attempts.

Mitigation Strategies

The primary mitigation step is to upgrade OpenColorIO to version 2.5.2 or later, where the vulnerability is fixed by limiting sscanf input size.

Until the upgrade can be applied, avoid loading or processing untrusted or unauthenticated .spi3d files, as these can trigger the buffer overflow.

Implement input validation or filtering on LUT files to ensure they do not contain excessively long lines that could overflow buffers.

Monitor for unusual application behavior or crashes related to LUT file parsing, which might indicate exploitation attempts.
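The bug pattern named in the description (tokens from a 4096-byte line buffer read by `sscanf` into 64-byte buffers) and the two defences above, as an added example that is not OpenColorIO's code: the width-limited `%63s` form the 2.5.2 fix uses, plus a pre-parse token-length check a loader can apply to untrusted .spi3d data lines. The function names, the three-field layout and the constructed sample lines are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

#define LINE_SIZE  4096  /* line buffer size named in the advisory */
#define TOKEN_SIZE 64    /* per-field buffer size named in the advisory */
/* Pre-parse check: false if any whitespace-separated token is 64 bytes or
 * longer, i.e. would overflow a TOKEN_SIZE buffer filled by an unbounded
 * "%s". Runs before any sscanf touches the line. */
bool spi3d_line_tokens_fit(const char *line)
{
    size_t run = 0;
    for (const char *p = line;; ++p) {
        if (*p && !strchr(" \t\r\n", *p)) { ++run; continue; }
        if (run >= TOKEN_SIZE) return false;
        run = 0;
        if (*p == '\0') return true;
    }
}

/* Hardened read of three fields: the width in "%63s" is what the 2.5.2 fix
 * adds (at most 63 bytes plus terminator per 64-byte buffer); the pre-check
 * also rejects lines that would be silently truncated. Returns sscanf's
 * field count, or -1 if the line was rejected. */
int spi3d_parse_three(const char *line, char out[3][TOKEN_SIZE])
{
    if (!spi3d_line_tokens_fit(line)) return -1;
    return sscanf(line, "%63s %63s %63s", out[0], out[1], out[2]);
}

int demo_benign_line(void)            /* constructed benign data line */
{
    char out[3][TOKEN_SIZE];
    return spi3d_parse_three("0 0 0 0.0 0.0 0.0", out); /* returns 3 */
}

int demo_oversized_line(void)         /* constructed hostile line */
{
    static char line[LINE_SIZE];
    memset(line, 'A', 4000);          /* one ~4000-byte token, as described */
    strcpy(line + 4000, " 0 0\n");
    char out[3][TOKEN_SIZE];
    return spi3d_parse_three(line, out); /* returns -1 before sscanf runs */
}

int main(void)
{
    printf("benign: %d fields, oversized: %d\n", demo_benign_line(), demo_oversized_line());
}
```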
