CVE-2022-41684

CVE-2022-41684 is a heap out-of-bounds read vulnerability in OpenImageIO (master-branch-9aeece7a) when parsing the image file directory of PSD files. A specially crafted PSD can cause a read from arbitrary heap memory, leading to denial of service. Affected component: OpenImageIO PSD parsing code...

CVE-2022-36354

A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensiti...

CVE-2022-41794

A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2022-41838

A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2022-43595

Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these...

CVE-2022-43598

Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This...

CVE-2022-43595

Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these...

CVE-2022-43600

Multiple code execution vulnerabilities exist in the IFFOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability...

CVE-2022-43593

A denial of service vulnerability exists in the DPXOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to null pointer dereference. An attacker can provide malicious input to trigger this vulnerability...

CVE-2022-41988

An information disclosure vulnerability exists in the OpenImageIO::decodeiptciim functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2022-41649

A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger...

CVE-2022-41981

A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead to out of bounds read and write on the process stack, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger...

CVE-2022-41837

An out-of-bounds write vulnerability exists in the OpenImageIO::addexifitemtospec functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially-crafted exif metadata can lead to stack-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2022-41684

A heap out of bounds read vulnerability exists in the OpenImageIO master-branch-9aeece7a when parsing the image file directory part of a PSD image file. A specially-crafted .psd file can cause a read of arbitrary memory address which can lead to denial of service. An attacker can provide a...

CVE-2022-43600

Multiple code execution vulnerabilities exist in the IFFOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability...

CVE-2022-41999

CVE-2022-41999 affects OpenImageIO’s DDS native tile reading in OpenImageIO v2.3.19.0 and v2.4.4.2, enabling DoS via a crafted .dds file. Connected advisories confirm this bug and point to fixes in newer OpenImageIO releases (e.g., GLSA-202305-33 recommending upgrading to OpenImageIO >= 2.4.6....

CVE-2022-41639

OpenImageIO CVE-2022-41639 is a heap-based buffer overflow in the TIFF tile decoding code, present in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially crafted TIFF file can trigger out-of-bounds memory corruption, potentially leading to arbitrary code execution. Public advisories (De...

CVE-2022-43596

An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability...

CVE-2022-41977

CVE-2022-41977 affects OpenImageIO v2.3.19.0 with an out-of-bounds read when processing TIFF string fields, enabling information disclosure via a crafted file. Debian/Gentoo advisories recommend upgrading to fixed OpenImageIO releases (e.g., Debian 2.2.10.1+dfsg-1+deb11u1 or newer) to mitigate.

CVE-2022-41981

A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead to out of bounds read and write on the process stack, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger...