Filtered by vendor Openimageio
Subscribe
Total
31 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41988 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2023-12-10 | N/A | 7.5 HIGH |
An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2022-36354 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2023-12-10 | N/A | 5.3 MEDIUM |
A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensitive information leak. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2022-43603 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2023-12-10 | N/A | 5.9 MEDIUM |
A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2022-43596 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2023-12-10 | N/A | 5.9 MEDIUM |
An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability. | |||||
CVE-2022-41977 | 1 Openimageio | 1 Openimageio | 2023-12-10 | N/A | 3.3 LOW |
An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A specially-crafted TIFF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2022-43602 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2023-12-10 | N/A | 8.1 HIGH |
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `ymax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8` | |||||
CVE-2022-43599 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2023-12-10 | N/A | 8.1 HIGH |
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8` | |||||
CVE-2022-41981 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2023-12-10 | N/A | 8.1 HIGH |
A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead to out of bounds read and write on the process stack, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2022-43600 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2023-12-10 | N/A | 8.1 HIGH |
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT16` | |||||
CVE-2022-41999 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2023-12-10 | N/A | 7.5 HIGH |
A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2022-43598 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2023-12-10 | N/A | 8.1 HIGH |
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT16`. |