Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-5384-1:C42DB
HistoryApr 10, 2023 - 9:18 a.m.

[SECURITY] [DSA 5384-1] openimageio security update

2023-04-1009:18:20
lists.debian.org
13
debian bug 1027143
cve-2022-43603
cve-2022-41981
cve-2022-41999
cve-2022-43598
bullseye
debian bug 1027808
cve-2022-43602
cve-2022-36354
cve-2022-43600
arbitrary code execution
debian
debian
cve-2022-43596
cve-2022-41684
denial of service
cve-2022-43601
cve-2022-41837
cve-2022-43593
cve-2022-43597
cve-2022-43594
cve-2022-41838
cve-2022-41639
cve-2022-41649
openimageio
cve-2022-41794
security tracker.
buffer overflows
cve-2022-41988
cve-2022-41977
cve-2022-43595
security update
cve-2022-43599
cve-2022-43592

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.8%

JSON

Debian Security Advisory DSA-5384-1 [email protected]
https://www.debian.org/security/ Markus Koschany
April 10, 2023 https://www.debian.org/security/faq

Package : openimageio
CVE ID : CVE-2022-36354 CVE-2022-41639 CVE-2022-41649 CVE-2022-41684
CVE-2022-41794 CVE-2022-41837 CVE-2022-41838 CVE-2022-41977
CVE-2022-41981 CVE-2022-41988 CVE-2022-41999 CVE-2022-43592
CVE-2022-43593 CVE-2022-43594 CVE-2022-43595 CVE-2022-43596
CVE-2022-43597 CVE-2022-43598 CVE-2022-43599 CVE-2022-43600
CVE-2022-43601 CVE-2022-43602 CVE-2022-43603
Debian Bug : 1027143 1027808

Multiple security vulnerabilities have been discovered in OpenImageIO, a
library for reading and writing images. Buffer overflows and out-of-bounds
read and write programming errors may lead to a denial of service
(application crash) or the execution of arbitrary code if a malformed image
file is processed.

For the stable distribution (bullseye), these problems have been fixed in
version 2.2.10.1+dfsg-1+deb11u1.

We recommend that you upgrade your openimageio packages.

For the detailed security status of openimageio please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openimageio

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian11s390xpython3-openimageio< 2.2.10.1+dfsg-1+deb11u1python3-openimageio_2.2.10.1+dfsg-1+deb11u1_s390x.deb
Debian11s390xopenimageio-tools< 2.2.10.1+dfsg-1+deb11u1openimageio-tools_2.2.10.1+dfsg-1+deb11u1_s390x.deb
Debian10armhfopenimageio-tools< 2.0.5~dfsg0-1+deb10u2openimageio-tools_2.0.5~dfsg0-1+deb10u2_armhf.deb
Debian10arm64libopenimageio2.0-dbgsym< 2.0.5~dfsg0-1+deb10u2libopenimageio2.0-dbgsym_2.0.5~dfsg0-1+deb10u2_arm64.deb
Debian11arm64libopenimageio2.2< 2.2.10.1+dfsg-1+deb11u1libopenimageio2.2_2.2.10.1+dfsg-1+deb11u1_arm64.deb
Debian11armelopenimageio-tools< 2.2.10.1+dfsg-1+deb11u1openimageio-tools_2.2.10.1+dfsg-1+deb11u1_armel.deb
Debian11armhfopenimageio-tools-dbgsym< 2.2.10.1+dfsg-1+deb11u1openimageio-tools-dbgsym_2.2.10.1+dfsg-1+deb11u1_armhf.deb
Debian10i386libopenimageio-dev< 2.0.5~dfsg0-1+deb10u2libopenimageio-dev_2.0.5~dfsg0-1+deb10u2_i386.deb
Debian10arm64libopenimageio2.0< 2.0.5~dfsg0-1+deb10u2libopenimageio2.0_2.0.5~dfsg0-1+deb10u2_arm64.deb
Debian10armhflibopenimageio-dev< 2.0.5~dfsg0-1+deb10u2libopenimageio-dev_2.0.5~dfsg0-1+deb10u2_armhf.deb
Rows per page:
1-10 of 951

Related

openvas 6
osv 23
nessus 5
debian 2
talosblog 2
mageia 1
gentoo 1
fedora 2
talos 18
cve 22
ubuntucve 19
cvelist 21
nvd 21
cnvd 14
debiancve 22
prion 20
openvas
openvas
Debian: Security Advisory (DSA-5384-1)
2023-04-11 00:00:00
Debian: Security Advisory (DLA-3382-1)
2023-04-11 00:00:00
Mageia: Security Advisory (MGASA-2023-0151)
2023-04-24 00:00:00
osv
osv
openimageio - security update
2023-04-05 00:00:00
openimageio - security update
2023-04-10 00:00:00
openimageio - security update
2023-08-07 00:00:00
nessus
nessus
Debian DLA-3382-1 : openimageio - LTS security update
2023-04-10 00:00:00
Debian DSA-5384-1 : openimageio - security update
2023-04-11 00:00:00
GLSA-202305-33 : OpenImageIO: Multiple Vulnerabilities
2023-05-30 00:00:00
debian
debian
[SECURITY] [DLA 3382-1] openimageio security update
2023-04-04 23:34:51
[SECURITY] [DLA 3518-1] openimageio security update
2023-08-06 22:40:27
talosblog
talosblog
Vulnerability Spotlight: OpenImageIO file processing issues could lead to arbitrary code execution, sensitive information leak and denial of service
2022-12-22 15:39:25
Vulnerability Spotlight: Specially crafted files could lead to denial of service, information disclosure in OpenImageIO parser
2023-03-30 16:00:20
mageia
mageia
Updated openimageio packages fix security vulnerability
2023-04-24 03:20:26
gentoo
gentoo
OpenImageIO: Multiple Vulnerabilities
2023-05-30 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: OpenImageIO-2.3.21.0-1.fc36
2022-12-31 01:17:01
[SECURITY] Fedora 37 Update: OpenImageIO-2.4.6.1-1.fc37
2023-01-01 01:38:37
talos
talos
OpenImageIO Project OpenImageIO IFFOutput wild write vulnerability
2022-12-22 00:00:00
OpenImageIO Project OpenImageIO Image Output Close denial of service vulnerability
2022-12-22 00:00:00
OpenImageIO Project OpenImageIO IFFOutput alignment padding memory corruption vulnerability
2022-12-22 00:00:00
cve
cve
CVE-2022-43598
2022-12-22 22:15:16
CVE-2022-43602
2022-12-22 22:15:16
CVE-2022-43592
2022-12-22 22:15:16
ubuntucve
ubuntucve
CVE-2022-43597
2022-12-22 00:00:00
CVE-2022-43594
2022-12-22 00:00:00
CVE-2022-41837
2022-12-22 00:00:00
cvelist
cvelist
CVE-2022-43602
2022-12-22 00:00:00
CVE-2022-43598
2022-12-22 00:00:00
CVE-2022-43596
2022-12-22 00:00:00
nvd
nvd
CVE-2022-43600
2022-12-22 22:15:16
CVE-2022-43596
2022-12-22 22:15:16
CVE-2022-41837
2022-12-22 22:15:15
cnvd
cnvd
OpenImageIO Code Execution Vulnerability (CNVD-2023-01792)
2022-12-23 00:00:00
OpenImageIO Information Disclosure Vulnerability (CNVD-2023-55387)
2022-12-23 00:00:00
OpenImageIO Information Disclosure Vulnerability (CNVD-2023-55386)
2022-12-23 00:00:00
debiancve
debiancve
CVE-2022-43601
2022-12-22 22:15:16
CVE-2022-43597
2022-12-22 22:15:16
CVE-2022-41837
2022-12-22 22:15:15
prion
prion
Null pointer dereference
2022-12-22 22:15:00
Null pointer dereference
2022-12-22 22:15:00
Heap overflow
2022-12-22 22:15:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.8%

JSON
Related for DEBIAN:DSA-5384-1:C42DB
openvas6osv23nessus5debian2talosblog2mageia1gentoo1fedora2talos18cve22ubuntucve19cvelist21nvd21cnvd14debiancve22prion20