CVE-2025-15506

Name	CVE-2025-15506
Description	A vulnerability was found in AcademySoftwareFoundation OpenColorIO up ...
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	1125416

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
opencolorio (PTS)	bullseye	1.1.1~dfsg0-7	vulnerable
	bookworm	2.1.2+dfsg1-4	vulnerable
	trixie	2.1.3+dfsg-1.2	vulnerable
	forky, sid	2.1.3+dfsg-2	vulnerable

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
opencolorio	source	experimental	2.5.1+dfsg-1
opencolorio	source	(unstable)	(unfixed)			1125416

Notes

[trixie] - opencolorio <no-dsa> (Minor issue)
[bookworm] - opencolorio <no-dsa> (Minor issue)
[bullseye] - opencolorio <no-dsa> (Minor issue)
https://github.com/AcademySoftwareFoundation/OpenColorIO/issues/2228
https://github.com/AcademySoftwareFoundation/OpenColorIO/pull/2231
Fixed by: https://github.com/AcademySoftwareFoundation/OpenColorIO/commit/095ae2d9fff0c292212a652a32206ab0bed53179 (v2.5.1)