CVE-2023-42299 (https://github.com/OpenImageIO/oiio/issues/3840):

Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function.

Patch (in 2.5.4.0): https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/e5733a0607e7ea9f728f94181aa0689dc693189c

CVE-2023-42295 (https://github.com/OpenImageIO/oiio/issues/3947):

An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c

Patch (in 2.5.4.0): https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/15750af31a5d130ea63ac133453eb5448cefa636

CVE-2023-36183 (https://github.com/OpenImageIO/oiio/issues/3871):

Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function.

Patch (in 2.5.4.0): https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/aad99bad9a4f6b965f99a291f9c67458c8c982e8

Please stabilize 2.5.4.0.