CVE-2025-15506
AcademySoftwareFoundation OpenColorIO FileRules.cpp ConvertToRegularExpression out-of-bounds
CVSS Score
3.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is named ebdbb75123c9d5f4643e041314e2bc988a13f20d. To fix this issue, it is recommended to deploy a patch. The fix was added to the 2.5.1 milestone.
| CWE | CWE-125 CWE-119 |
| Vendor | academysoftwarefoundation |
| Product | opencolorio |
| Published | Jan 11, 2026 |
| Last Updated | Feb 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for academysoftwarefoundation opencolorio
Be the first to know when new low vulnerabilities affecting academysoftwarefoundation opencolorio are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
AcademySoftwareFoundation / OpenColorIO
2.0 2.1 2.2 2.3 2.4 2.5.0
References
vuldb.com: https://vuldb.com/?id.340444 vuldb.com: https://vuldb.com/?ctiid.340444 vuldb.com: https://vuldb.com/?submit.733332 github.com: https://github.com/AcademySoftwareFoundation/OpenColorIO/issues/2228 github.com: https://github.com/AcademySoftwareFoundation/OpenColorIO/pull/2231 github.com: https://github.com/oneafter/1225/blob/main/uaf github.com: https://github.com/cozdas/OpenColorIO/commit/ebdbb75123c9d5f4643e041314e2bc988a13f20d github.com: https://github.com/AcademySoftwareFoundation/OpenColorIO/milestone/11 github.com: https://github.com/AcademySoftwareFoundation/OpenColorIO/
Credits
๐ Oneafter (VulDB User)