Packages
- openimageio - Library for reading and writing images
Details
It was discovered that OpenImageIO incorrectly performed bounds
checking when processing SGI files. An attacker could possibly
use this issue to cause a denial of service or execute arbitrary
code. (CVE-2026-43903)
It was discovered that OpenImageIO incorrectly handled run-length
encoding when processing Softimage PIC files. An attacker
could possibly use this issue to cause a denial of service or
execute arbitrary code. (CVE-2026-43904)
It was discovered that OpenImageIO incorrectly validated subimage
metadata when processing HEIF files. An attacker could
possibly use this issue to cause a denial of service or execute
arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu
24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-43906)
It was discovered that OpenImageIO contained multiple...
It was discovered that OpenImageIO incorrectly performed bounds
checking when processing SGI files. An attacker could possibly
use this issue to cause a denial of service or execute arbitrary
code. (CVE-2026-43903)
It was discovered that OpenImageIO incorrectly handled run-length
encoding when processing Softimage PIC files. An attacker
could possibly use this issue to cause a denial of service or
execute arbitrary code. (CVE-2026-43904)
It was discovered that OpenImageIO incorrectly validated subimage
metadata when processing HEIF files. An attacker could
possibly use this issue to cause a denial of service or execute
arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu
24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-43906)
It was discovered that OpenImageIO contained multiple integer
overflow vulnerabilities when processing DPX files. An
attacker could possibly use these issues to cause a denial of
service or execute arbitrary code. (CVE-2026-43907, CVE-2026-43908,
CVE-2026-43909)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 26.04 LTS resolute | libopenimageio-dev – 2.5.19.1+dfsg-2ubuntu0.1~esm1 | ||
| libopenimageio2.5 – 2.5.19.1+dfsg-2ubuntu0.1~esm1 | |||
| openimageio-tools – 2.5.19.1+dfsg-2ubuntu0.1~esm1 | |||
| python3-openimageio – 2.5.19.1+dfsg-2ubuntu0.1~esm1 | |||
| 24.04 LTS noble | libopenimageio-dev – 2.4.17.0+dfsg-1.1ubuntu0.1~esm1 | ||
| libopenimageio2.4t64 – 2.4.17.0+dfsg-1.1ubuntu0.1~esm1 | |||
| openimageio-tools – 2.4.17.0+dfsg-1.1ubuntu0.1~esm1 | |||
| python3-openimageio – 2.4.17.0+dfsg-1.1ubuntu0.1~esm1 | |||
| 20.04 LTS focal | libopenimageio-dev – 2.1.12.0~dfsg0-1ubuntu0.1~esm1 | ||
| libopenimageio2.1 – 2.1.12.0~dfsg0-1ubuntu0.1~esm1 | |||
| openimageio-tools – 2.1.12.0~dfsg0-1ubuntu0.1~esm1 | |||
| python3-openimageio – 2.1.12.0~dfsg0-1ubuntu0.1~esm1 | |||
| 18.04 LTS bionic | libopenimageio-dev – 1.7.17~dfsg0-1ubuntu2+esm1 | ||
| libopenimageio1.7 – 1.7.17~dfsg0-1ubuntu2+esm1 | |||
| openimageio-tools – 1.7.17~dfsg0-1ubuntu2+esm1 | |||
| python-openimageio – 1.7.17~dfsg0-1ubuntu2+esm1 | |||
| 16.04 LTS xenial | libopenimageio-dev – 1.6.11~dfsg0-1ubuntu1+esm2 | ||
| libopenimageio1.6 – 1.6.11~dfsg0-1ubuntu1+esm2 | |||
| openimageio-tools – 1.6.11~dfsg0-1ubuntu1+esm2 | |||
| python-openimageio – 1.6.11~dfsg0-1ubuntu1+esm2 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.