==========================================================================
Ubuntu Security Notice USN-8438-1
June 16, 2026

openimageio vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in OpenImageIO.

Software Description:
- openimageio: Library for reading and writing images

Details:

It was discovered that OpenImageIO incorrectly performed bounds
checking when processing SGI files. An attacker could possibly
use this issue to cause a denial of service or execute arbitrary
code. (CVE-2026-43903)

It was discovered that OpenImageIO incorrectly handled run-length
encoding when processing Softimage PIC files. An attacker
could possibly use this issue to cause a denial of service or
execute arbitrary code. (CVE-2026-43904)

It was discovered that OpenImageIO incorrectly validated subimage
metadata when processing HEIF files. An attacker could
possibly use this issue to cause a denial of service or execute
arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu
24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-43906)

It was discovered that OpenImageIO contained multiple integer
overflow vulnerabilities when processing DPX files. An
attacker could possibly use these issues to cause a denial of
service or execute arbitrary code. (CVE-2026-43907, CVE-2026-43908,
CVE-2026-43909)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  libopenimageio-dev              2.5.19.1+dfsg-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  libopenimageio2.5               2.5.19.1+dfsg-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  openimageio-tools               2.5.19.1+dfsg-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  python3-openimageio             2.5.19.1+dfsg-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 24.04 LTS
  libopenimageio-dev              2.4.17.0+dfsg-1.1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  libopenimageio2.4t64            2.4.17.0+dfsg-1.1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  openimageio-tools               2.4.17.0+dfsg-1.1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  python3-openimageio             2.4.17.0+dfsg-1.1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  libopenimageio-dev              2.1.12.0~dfsg0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  libopenimageio2.1               2.1.12.0~dfsg0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  openimageio-tools               2.1.12.0~dfsg0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  python3-openimageio             2.1.12.0~dfsg0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libopenimageio-dev              1.7.17~dfsg0-1ubuntu2+esm1
                                  Available with Ubuntu Pro
  libopenimageio1.7               1.7.17~dfsg0-1ubuntu2+esm1
                                  Available with Ubuntu Pro
  openimageio-tools               1.7.17~dfsg0-1ubuntu2+esm1
                                  Available with Ubuntu Pro
  python-openimageio              1.7.17~dfsg0-1ubuntu2+esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libopenimageio-dev              1.6.11~dfsg0-1ubuntu1+esm2
                                  Available with Ubuntu Pro
  libopenimageio1.6               1.6.11~dfsg0-1ubuntu1+esm2
                                  Available with Ubuntu Pro
  openimageio-tools               1.6.11~dfsg0-1ubuntu1+esm2
                                  Available with Ubuntu Pro
  python-openimageio              1.6.11~dfsg0-1ubuntu1+esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8438-1
  CVE-2026-43903, CVE-2026-43904, CVE-2026-43906, CVE-2026-43907,
  CVE-2026-43908, CVE-2026-43909

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to