PYSEC-2026-1745

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/opencolorio/PYSEC-2026-1745.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1745
Aliases
Published
2026-07-07T16:03:17.951308Z
Modified
2026-07-07T17:47:08.270235153Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
  • 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
AcademySoftwareFoundation OpenColorIO has an out-of-bounds vulnerability
Details

A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is named ebdbb75123c9d5f4643e041314e2bc988a13f20d. To fix this issue, it is recommended to deploy a patch. The fix was added to the 2.5.1 milestone.

References

Affected packages

PyPI / opencolorio

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5.1

Affected versions

2.*
2.1.0
2.1.1
2.1.2
2.1.3
2.2.0
2.2.1
2.3.0
2.3.1
2.3.2
2.4.0
2.4.1
2.4.2
2.5.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/opencolorio/PYSEC-2026-1745.yaml"