816 matches found
CVE-2022-43601
Multiple code execution vulnerabilities exist in the IFFOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability...
CVE-2022-43595
Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these...
CVE-2022-43597
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This...
CVE-2022-43600
OpenImageIO CVE-2022-43600 affects OpenImageIO v2.4.4.2. The issue is in IFFOutput::close() where xmax=0xFFFF and TypeDesc::UINT16 can trigger a heap buffer overflow, potentially leading to denial of service or arbitrary code execution. Debian and GLSA advisories also reference related OpenImageI...
CVE-2022-41649
CVE-2022-41649 is a heap out-of-bounds read in OpenImageIO’s handling of IPTC data when parsing TIFF images in v2.3.19.0, enabling potential information disclosure via a malicious TIFF file. Connected advisories confirm affected OpenImageIO versions and recommend upgrading; GLSA-202305-33 suggest...
CVE-2022-43601
CVE-2022-43601 affects OpenImageIO OpenImageIO v2.4.4.2: multiple code-execution/heap-overflow risks in IFFOutput::close() when ymax is 0xFFFF with m_spec.format = TypeDesc::UINT16. Connected advisories confirm OpenImageIO vulnerabilities in this release and note remediation via upgrading to newe...
CVE-2022-43594
OpenImageIO OpenImageIO v2.4.4.2 contains multiple CVEs (including CVE-2022-43594) leading to denial of service via image output closing, with null pointer dereferences when writing BMP/other formats. Affected component is the ImageOutput close/format handling; root cause relates to memory safety...
CVE-2022-43598
OpenImageIO OpenImageIO v2.4.4.2 contains multiple memory corruption and out-of-bounds issues in the IFFOutput alignment padding path that can lead to arbitrary code execution when m_spec.format is TypeDesc::UINT8 or UINT16. Affected component: IFFOutput (format-dependent padding). Root cause: me...
CVE-2022-41837
An out-of-bounds write vulnerability exists in the OpenImageIO::addexifitemtospec functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially-crafted exif metadata can lead to stack-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2022-41977
An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A specially-crafted TIFF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2022-43596
An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability...
CVE-2022-43594
Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these...
CVE-2022-43593
OpenImageIO DPXOutput::close() vulnerability (CVE-2022-43593) affects OpenImageIO v2.4.4.2, where a specially crafted ImageOutput input can trigger a null pointer dereference and cause a denial of service. Public advisories confirm this CVE and recommend upgrading to a newer OpenImageIO release; ...
CVE-2022-41837
An out-of-bounds write vulnerability exists in the OpenImageIO::addexifitemtospec functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially-crafted exif metadata can lead to stack-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2022-43593
A denial of service vulnerability exists in the DPXOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to null pointer dereference. An attacker can provide malicious input to trigger this vulnerability...
CVE-2022-43601
Multiple code execution vulnerabilities exist in the IFFOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability...
CVE-2022-43594
Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these...
CVE-2022-43603
A denial of service vulnerability exists in the ZfileOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2022-38143
A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to arbitrary out of bounds memory, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this...
CVE-2022-43598
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This...