[Git][security-tracker-team/security-tracker][master] Add new openimageio CVEs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 15 10:18:18 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3cf8ce1c by Salvatore Bonaccorso at 2026-05-15T11:17:50+02:00
Add new openimageio CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -71,21 +71,29 @@ CVE-2026-44427 (The MCP Registry provides MCP clients with a list of MCP servers
 CVE-2026-44212 (PrestaShop is an open source e-commerce web application. Prior to 8.2. ...)
 	NOT-FOR-US: PrestaShop
 CVE-2026-43996 (OpenImageIO is a toolset for reading, writing, and manipulating image  ...)
-	TODO: check
+	- openimageio <unfixed>
+	NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/security/advisories/GHSA-mq8j-73c4-cr55
 CVE-2026-43909 (OpenImageIO is a toolset for reading, writing, and manipulating image  ...)
-	TODO: check
+	- openimageio <unfixed>
+	NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/security/advisories/GHSA-g267-j53j-5258
 CVE-2026-43908 (OpenImageIO is a toolset for reading, writing, and manipulating image  ...)
-	TODO: check
+	- openimageio <unfixed>
+	NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/security/advisories/GHSA-2jr5-q49v-3858
 CVE-2026-43907 (OpenImageIO is a toolset for reading, writing, and manipulating image  ...)
-	TODO: check
+	- openimageio <unfixed>
+	NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/security/advisories/GHSA-cq46-hp4h-cvfr
 CVE-2026-43906 (OpenImageIO is a toolset for reading, writing, and manipulating image  ...)
-	TODO: check
+	- openimageio <unfixed>
+	NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/security/advisories/GHSA-gmrp-x952-3m66
 CVE-2026-43905 (OpenImageIO is a toolset for reading, writing, and manipulating image  ...)
-	TODO: check
+	- openimageio <unfixed>
+	NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/security/advisories/GHSA-pj45-cf3g-28gq
 CVE-2026-43904 (OpenImageIO is a toolset for reading, writing, and manipulating image  ...)
-	TODO: check
+	- openimageio <unfixed>
+	NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/security/advisories/GHSA-4499-j545-7q33
 CVE-2026-43903 (OpenImageIO is a toolset for reading, writing, and manipulating image  ...)
-	TODO: check
+	- openimageio <unfixed>
+	NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/security/advisories/GHSA-jg3q-vm3q-2j35
 CVE-2026-43490 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux 7.0.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3cf8ce1c2f7d1255f0ebfac60f9dae7a2525b2ce

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3cf8ce1c2f7d1255f0ebfac60f9dae7a2525b2ce
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260515/eda9d9f6/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list