Fedora: Security Advisory for OpenImageIO (FEDORA-2022-fc361cc7b6)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 37 Update: OpenImageIO-2.4.6.1-1.fc37
OpenImageIO is a library for reading and writing images, and a bunch of related classes, utilities, and applications. Main features include: - Extremely simple but powerful ImageInput and ImageOutput APIs for reading and writing 2D images that is format agnostic. - Format plugins for TIFF,...
[SECURITY] Fedora 36 Update: OpenImageIO-2.3.21.0-1.fc36
OpenImageIO is a library for reading and writing images, and a bunch of related classes, utilities, and applications. Main features include: - Extremely simple but powerful ImageInput and ImageOutput APIs for reading and writing 2D images that is format agnostic. - Format plugins for TIFF,...
Fedora 36 : OpenImageIO (2022-e63bc3eca2)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-e63bc3eca2 advisory. Update to 2.3.21.0. Security fix for CVE-2022-36354 CVE-2022-38143 CVE-2022-41639 CVE-2022-41684 CVE-2022-41794 CVE-2022-41838 CVE-2022-41977...
Fedora: Security Advisory for OpenImageIO (FEDORA-2022-e63bc3eca2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-43602
Multiple code execution vulnerabilities exist in the IFFOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability...
CVE-2022-43599
OpenImageIO CVE-2022-43599 affects OpenImageIO v2.4.4.2, where the IFFOutput::close() path can trigger a heap buffer overflow when xmax is 0xFFFF and m_spec.format is TypeDesc::UINT8. Connected advisories (GLSA 202305-33, Debian DSA-5384, Debian DLA-3382) describe this family of OpenImageIO vulne...
CVE-2022-41794
OpenImageIO-PSD parsing vulnerability CVE-2022-41794 is a heap-based buffer overflow in the PSD thumbnail resource parsing of OpenImageIO 2.3.19.0 that can allow arbitrary code execution via a crafted PSD file. The issue has been addressed in various vendor advisories; affected users should upgra...
CVE-2022-43597
CVE-2022-43597 affects OpenImageIO (OpenImageIO v2.4.4.2) via multiple memory corruption vulnerabilities in IFFOutput alignment padding, triggered when m_spec.format is TypeDesc::UINT8. The issue can lead to arbitrary code execution. Public advisories reference affected versions and fixes; remedi...
CVE-2022-41838
CVE-2022-41838: OpenImageIO v2.4.4.2 DDS scanline parsing contains a heap buffer overflow when processing a specially crafted .dds, enabling code execution as described in multiple advisories. Connected sources indicate remediation via upgrading to OpenImageIO 2.4.6.0 or newer (e.g., Gentoo/Magei...
CVE-2022-41684
CVE-2022-41684 is a heap out-of-bounds read vulnerability in OpenImageIO (master-branch-9aeece7a) when parsing the image file directory of PSD files. A specially crafted PSD can cause a read from arbitrary heap memory, leading to denial of service. Affected component: OpenImageIO PSD parsing code...
CVE-2022-41639
A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary code execution. An attacker can provide a...
CVE-2022-41838
A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2022-43603
A denial of service vulnerability exists in the ZfileOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2022-43599
Multiple code execution vulnerabilities exist in the IFFOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability...
CVE-2022-41794
A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2022-41684
A heap out of bounds read vulnerability exists in the OpenImageIO master-branch-9aeece7a when parsing the image file directory part of a PSD image file. A specially-crafted .psd file can cause a read of arbitrary memory address which can lead to denial of service. An attacker can provide a...
CVE-2022-41988
CVE-2022-41988 describes an information disclosure in OpenImageIO’s decode_iptc_iim() for OpenImageIO v2.3.19.0. A specially-crafted TIFF can disclose sensitive information. Connected sources corroborate this OpenImageIO information disclosure vulnerability and tie it to multiple advisories acros...