Filtered by vendor Openimageio
Subscriptions
Total
32 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-36183 | 1 Openimageio | 1 Openimageio | 2024-11-25 | 7.8 High |
Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function. | ||||
CVE-2024-40630 | 1 Openimageio | 1 Openimageio | 2024-11-21 | 4.3 Medium |
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation via a format-agnostic API with a feature set, scalability, and robustness needed for feature film production. In affected versions there is a bug in the heif input functionality of OpenImageIO. Specifically, in `HeifInput::seek_subimage()`. In the worst case, this can lead to an information disclosure vulnerability, particularly for programs that directly use the `ImageInput` APIs. This bug has been addressed in commit `0a2dcb4c` which is included in the 2.5.13.1 release. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
CVE-2023-42299 | 1 Openimageio | 1 Openimageio | 2024-11-21 | 9.8 Critical |
Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function. | ||||
CVE-2023-42295 | 1 Openimageio | 1 Openimageio | 2024-11-21 | 8.8 High |
An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c | ||||
CVE-2023-3430 | 2 Openimageio, Redhat | 2 Openimageio, Linux | 2024-11-21 | 7.5 High |
A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service. | ||||
CVE-2023-24473 | 1 Openimageio | 1 Openimageio | 2024-11-21 | 5.3 Medium |
An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2023-24472 | 1 Openimageio | 1 Openimageio | 2024-11-21 | 7.5 High |
A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability. | ||||
CVE-2023-22845 | 1 Openimageio | 1 Openimageio | 2024-11-21 | 7.5 High |
An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2022-43603 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-11-21 | 5.9 Medium |
A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2022-43602 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-11-21 | 8.1 High |
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `ymax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8` | ||||
CVE-2022-43601 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-11-21 | 8.1 High |
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `ymax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT16` | ||||
CVE-2022-43600 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-11-21 | 8.1 High |
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT16` | ||||
CVE-2022-43599 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-11-21 | 8.1 High |
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8` | ||||
CVE-2022-43598 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-11-21 | 8.1 High |
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT16`. | ||||
CVE-2022-43597 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-11-21 | 8.1 High |
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT8`. | ||||
CVE-2022-43596 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-11-21 | 5.9 Medium |
An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability. | ||||
CVE-2022-43595 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-11-21 | 5.9 Medium |
Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .fits files. | ||||
CVE-2022-43594 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-11-21 | 5.9 Medium |
Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .bmp files. | ||||
CVE-2022-43593 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-11-21 | 5.9 Medium |
A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to null pointer dereference. An attacker can provide malicious input to trigger this vulnerability. | ||||
CVE-2022-43592 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-11-21 | 5.9 Medium |
An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability. |