CVE-2024-55195
Published: 23 January 2025
Description
An allocation-size-too-big bug in the component /imagebuf.cpp of OpenImageIO v3.1.0.0dev may cause a Denial of Service (DoS) when the program requests to allocate too much space.
Security Summary
CVE-2024-55195 is an allocation-size-too-big vulnerability in the /imagebuf.cpp component of OpenImageIO version 3.1.0.0dev. The flaw, which is associated with CWE-770, triggers a Denial of Service (DoS) when the program requests allocation of an excessively large amount of memory. Published on 2025-01-23, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), reflecting a high availability impact with no effect on confidentiality or integrity.
Remote attackers can exploit this vulnerability over the network without authentication, privileges, or user interaction, and the attack complexity is low. Successful exploitation causes the affected OpenImageIO instance to crash or become unresponsive due to failed memory allocation, resulting in a DoS condition for applications or services that rely on this library for image processing.
The vulnerability is detailed in a GitHub issue at https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/4553, which serves as the primary advisory reference. Security practitioners should monitor this issue for developer updates on patches or workarounds.
Details
- CWE(s)