Vulnerability Description
A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is named ebdbb75123c9d5f4643e041314e2bc988a13f20d. To fix this issue, it is recommended to deploy a patch. The fix was added to the 2.5.1 milestone.
CVSS Score
LOW
Related Weaknesses (CWE)
References
- https://github.com/AcademySoftwareFoundation/OpenColorIO/
- https://github.com/AcademySoftwareFoundation/OpenColorIO/issues/2228
- https://github.com/AcademySoftwareFoundation/OpenColorIO/milestone/11
- https://github.com/AcademySoftwareFoundation/OpenColorIO/pull/2231
- https://github.com/cozdas/OpenColorIO/commit/ebdbb75123c9d5f4643e041314e2bc988a1
- https://github.com/oneafter/1225/blob/main/uaf
- https://vuldb.com/?ctiid.340444
- https://vuldb.com/?id.340444
- https://vuldb.com/?submit.733332
FAQ
What is CVE-2025-15506?
CVE-2025-15506 is a vulnerability with a CVSS score of 3.3 (LOW). A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manip...
How severe is CVE-2025-15506?
CVE-2025-15506 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-15506?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.