Total
27 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-43600 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-02-04 | N/A | 8.1 HIGH |
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT16` | |||||
CVE-2022-43595 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-02-04 | N/A | 5.9 MEDIUM |
Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .fits files. | |||||
CVE-2022-43594 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-02-04 | N/A | 5.9 MEDIUM |
Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .bmp files. | |||||
CVE-2022-43599 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-02-04 | N/A | 8.1 HIGH |
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8` | |||||
CVE-2022-36354 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-02-04 | N/A | 5.3 MEDIUM |
A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensitive information leak. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2022-41649 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-02-04 | N/A | 9.1 CRITICAL |
A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2022-41988 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-02-04 | N/A | 7.5 HIGH |
An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability. |