Merged
8 changes: 4 additions & 4 deletions SECURITY.md
Expand Up @@ -23,10 +23,6 @@ Include detailed steps to reproduce the issue, and any other information that
could aid an investigation. Someone will assess the report and make every
effort to respond within 14 days.

## History of CVE Fixes

None

## File Format Expectations

Attempting to read an OCIO config (YAML) file will:
Expand Down Expand Up @@ -60,3 +56,7 @@ set of behaviors as with file loading.
It is a bug if calling a function with well-formed arguments causes the
library to crash. It is a security issue if calling a function with
well-formed arguments causes arbitrary code execution.

## History of CVE Fixes

CVE-2026-42450 -- Stack buffer overflow in sscanf. (Fixed in OCIO 2.5.2)
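
Review bot: The new entry under "## History of CVE Fixes" gives only "Stack buffer overflow in sscanf" and the fixed release, so a reader cannot tell which versions are affected or which input path reaches the sscanf call. This file distinguishes crashes on well-formed arguments (bugs) from arbitrary code execution (security issues) and has a File Format Expectations section, so consider stating the affected version range, whether the overflow is reachable through config or file loading, and a link to the advisory or the fix. Making each CVE a list item rather than a free-text line with "--" would also keep the section readable as entries are added.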