Filtered by vendor Openimageio
Subscriptions
Total
32 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-41838 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-09-16 | 9.8 Critical |
A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2022-43603 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-09-16 | 5.9 Medium |
A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2022-41649 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-09-16 | 9.1 Critical |
A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2022-43600 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-09-16 | 8.1 High |
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT16` | ||||
CVE-2022-41794 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-09-16 | 9.8 Critical |
A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2023-42295 | 1 Openimageio | 1 Openimageio | 2024-09-12 | 8.8 High |
An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c | ||||
CVE-2023-36183 | 1 Openimageio | 1 Openimageio | 2024-08-02 | 7.8 High |
Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function. | ||||
CVE-2023-24473 | 1 Openimageio | 1 Openimageio | 2024-08-02 | 5.3 Medium |
An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2023-24472 | 1 Openimageio | 1 Openimageio | 2024-08-02 | 7.5 High |
A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability. | ||||
CVE-2023-22845 | 1 Openimageio | 1 Openimageio | 2024-08-02 | 7.5 High |
An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2023-3430 | 2 Openimageio, Redhat | 2 Openimageio, Linux | 2024-08-02 | 7.5 High |
A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service. | ||||
CVE-2024-40630 | 1 Openimageio | 1 Openimageio | 2024-08-02 | 4.3 Medium |
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation via a format-agnostic API with a feature set, scalability, and robustness needed for feature film production. In affected versions there is a bug in the heif input functionality of OpenImageIO. Specifically, in `HeifInput::seek_subimage()`. In the worst case, this can lead to an information disclosure vulnerability, particularly for programs that directly use the `ImageInput` APIs. This bug has been addressed in commit `0a2dcb4c` which is included in the 2.5.13.1 release. Users are advised to upgrade. There are no known workarounds for this issue. |