AcademySoftwareFoundation — Vulnerabilities & Security Advisories (30)

Browse all 30 CVE security advisories affecting AcademySoftwareFoundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

The Academy Software Foundation serves as a neutral home for open-source projects supporting the visual effects, animation, and media industries. Its portfolio includes critical tools like OpenColorIO and OpenUSD, which facilitate data interchange and rendering workflows across major studios. Historically, vulnerabilities within these ecosystems have predominantly involved remote code execution and cross-site scripting, often stemming from complex input parsing in image processing libraries. While the foundation itself does not develop software, it oversees governance for member projects, meaning security incidents typically reflect the underlying codebases rather than the foundation’s infrastructure. Notable incidents have included privilege escalation flaws in plugin architectures, highlighting risks in extensible systems. With 27 recorded CVEs, the foundation emphasizes collaborative security audits and standardized testing protocols to mitigate risks inherent in high-precision visual computing environments, ensuring stability for global production pipelines without adopting aggressive marketing narratives.

Top products by AcademySoftwareFoundation: openexr, MaterialX, OpenImageIO, OpenColorIO

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-42217 | OpenEXR: Shift exponent overflow in `readVariableLengthInteger()` (`ImfIDManifest.cpp`) | openexr | CWE-190 | 8.1 (AI) | High (AI) | 2026-05-07 |
| CVE-2026-42216 | OpenEXR: Out-of-bounds read in `IDManifest::init()` during prefix expansion | openexr | CWE-125 | 9.1 (AI) | Critical (AI) | 2026-05-07 |
| CVE-2026-41142 | OpenEXR is Vulnerable to Integer overflow in ImageChannel::resize leads to heap OOB write via OpenEXRUtil public API | openexr | CWE-190 | 8.8 | High | 2026-05-07 |
| CVE-2026-7582 | AcademySoftwareFoundation OpenImageIO DDS Image ddsinput.cpp out-of-bounds write | OpenImageIO | CWE-787 | 5.3 | Medium | 2026-05-01 |
| CVE-2026-40250 | OpenEXR has integer overflow in DWA decoder outBufferEnd pointer arithmetic (missed variant of CVE-2026-34589) | openexr | CWE-190 | 8.1 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-40244 | OpenEXR has integer overflow in DWA setupChannelData planarUncRle pointer arithmetic (missed variant of CVE-2026-34589) | openexr | CWE-190 | 7.5 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-39886 | OpenEXR has HTJ2K Signed Integer Overflow in ht_undo_impl() | openexr | CWE-190 | 5.3 | Medium | 2026-04-21 |
| CVE-2026-34589 | OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write | openexr | CWE-190 | 9.1 | - | 2026-04-06 |
| CVE-2026-34588 | OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write | openexr | CWE-125 | 6.8 | - | 2026-04-06 |
| CVE-2026-34380 | OpenEXR has a signed integer overflow (undefined behavior) in undo_pxr24_impl may allow bounds-check bypass in PXR24 decompression | openexr | CWE-190 | 5.9 | Medium | 2026-04-06 |
| CVE-2026-34379 | OpenEXR has a misaligned write in LossyDctDecoder_execute leading to undefined behavior (DWA/DWAB decompression) | openexr | CWE-704 | 7.1 | High | 2026-04-06 |
| CVE-2026-34378 | OpenEXR has a signed integer overflow in generic_unpack() when parsing EXR files with crafted negative dataWindow.min.x | openexr | CWE-190 | 6.5 | Medium | 2026-04-06 |
| CVE-2026-34543 | OpenEXR: Heap information disclosure in PXR24 decompression via unchecked decompressed size (undo_pxr24_impl) | openexr | CWE-908 | 5.5 (AI) | Medium (AI) | 2026-04-01 |
| CVE-2026-34544 | OpenEXR: integer overflow to OOB write in uncompress_b44_impl() | openexr | CWE-190 | 8.8 (AI) | High (AI) | 2026-04-01 |
| CVE-2026-34545 | OpenEXR: integer overflow lead to OOB in HTJ2K decoder | openexr | CWE-122 | 9.6 (AI) | Critical (AI) | 2026-04-01 |
| CVE-2026-27622 | OpenEXR CompositeDeepScanLine integer-overflow leads to heap OOB write | openexr | CWE-787 | 7.7 (AI) | High (AI) | 2026-03-03 |
| CVE-2026-26981 | OpenEXR has heap-buffer-overflow via signed integer underflow in ImfContextInit.cpp | openexr | CWE-195 | 6.5 | Medium | 2026-02-24 |
| CVE-2025-15506 | AcademySoftwareFoundation OpenColorIO FileRules.cpp ConvertToRegularExpression out-of-bounds | OpenColorIO | CWE-125 | 3.3 | Low | 2026-01-11 |
| CVE-2025-64183 | OpenEXR has use after free in PyObject_StealAttrString | openexr | CWE-416 | 9.1 | - | 2025-11-10 |
| CVE-2025-64182 | OpenEXR has buffer overflow in PyOpenEXR_old's channels() and channel() | openexr | CWE-120 | 7.8 | - | 2025-11-10 |
| CVE-2025-64181 | OpenEXR Makes Use of Uninitialized Memory | openexr | CWE-457 | 9.1 | - | 2025-11-10 |
| CVE-2025-53012 | MaterialX's Lack of Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhaustion | MaterialX | CWE-400 | 7.5 | - | 2025-08-01 |
| CVE-2025-53011 | MaterialX is Vulnerable to NULL Pointer Dereference due to Unchecked implGraphOutput | MaterialX | CWE-476 | 5.5 | - | 2025-08-01 |
| CVE-2025-53010 | MaterialX's unchecked nodeGraph->getOutput return is vulnerable to NULL Pointer Dereference | MaterialX | CWE-476 | 5.5 | - | 2025-08-01 |
| CVE-2025-53009 | MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit | MaterialX | CWE-121 | 5.5 | - | 2025-08-01 |
| CVE-2025-48074 | OpenEXR's Unbounded File Header Values can Lead to Out-Of-Memory Errors | openexr | CWE-770 | 6.5 | - | 2025-08-01 |
| CVE-2025-48073 | OpenEXR ScanLineProcess::run_fill NULL Pointer Write In "reduceMemory" Mode | openexr | CWE-476 | 7.5 (AI) | High (AI) | 2025-07-31 |
| CVE-2025-48072 | OpenEXR's Inaccurate Pointer Arithmetic can Cause an Out of Bounds Heap | openexr | CWE-125 | 7.8 (AI) | High (AI) | 2025-07-31 |
| CVE-2025-48071 | OpenEXR's Forged Unpacked Size can Lead to Heap-Based Buffer Overflow in Deep Scanline Parsing | openexr | CWE-122 | 7.8 (AI) | High (AI) | 2025-07-31 |
| CVE-2024-40630 | HEIF Heap OOB Read in OpenImageIO | OpenImageIO | CWE-125 | 4.3 | Medium | 2024-07-15 |

This page lists every published CVE security advisory associated with AcademySoftwareFoundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.