CVE-2025-15506

3.3 LOW
Published: January 11, 2026 Modified: February 23, 2026
View on NVD

Description

A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is named ebdbb75123c9d5f4643e041314e2bc988a13f20d. To fix this issue, it is recommended to deploy a patch. The fix was added to the 2.5.1 milestone.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/AcademySoftwareFoundation/OpenColorIO/
Source: cna@vuldb.com
https://github.com/AcademySoftwareFoundation/OpenColorIO/issues/2228
Source: cna@vuldb.com
https://github.com/AcademySoftwareFoundation/OpenColorIO/milestone/11
Source: cna@vuldb.com
https://github.com/AcademySoftwareFoundation/OpenColorIO/pull/2231
Source: cna@vuldb.com
https://github.com/cozdas/OpenColorIO/commit/ebdbb75123c9d5f4643e041314e2bc988a13f20d
Source: cna@vuldb.com
https://github.com/oneafter/1225/blob/main/uaf
Source: cna@vuldb.com
https://vuldb.com/?ctiid.340444
Source: cna@vuldb.com
https://vuldb.com/?id.340444
Source: cna@vuldb.com
https://vuldb.com/?submit.733332
Source: cna@vuldb.com

9 reference(s) from NVD

Quick Stats

CVSS v3 Score
3.3 / 10.0
EPSS (Exploit Probability)
0.0%
0th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-119 CWE-125

Related CVEs

CVE-2026-4491 8.8
CVE-2026-4490 8.8
CVE-2026-29828 N/A
CVE-2026-22902 N/A
CVE-2026-22901 N/A