Buffer overflow in Academysoftwarefoundation Opencolorio

CVE-2026-42450

OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, `FileFormatSpi3D.cpp:163` uses `sscanf` with `%s` into 64-byte stack buffers when parsing LUT data lines. Input comes from `lineBuffer[40…

Vulnerability class: Buffer Overflow

Affected products

Academysoftwarefoundation Opencolorio — versions < 2.5.2

Weakness classification (CWE)

CWE-120 — Buffer Copy without Checking Size of Input (Classic Buffer Overflow)

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)