816 matches found
CVE-2022-38143
CVE-2022-38143 is a heap out-of-bounds write vulnerability in OpenImageIO v2.3.19.0 when processing RLE-encoded BMP images. A crafted BMP can write to arbitrary out-of-bounds memory, potentially enabling arbitrary code execution. Public notices confirm the issue exists and provide upgrade paths. ...
CVE-2022-43598
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This...
CVE-2022-43598
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This...
CVE-2022-41977
An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A specially-crafted TIFF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2022-41988
An information disclosure vulnerability exists in the OpenImageIO::decodeiptciim functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2022-43592
CVE-2022-43592 affects OpenImageIO (notably OpenImageIO v2.4.4.2). The issue is an information disclosure in the DPXOutput::close() path: a specially crafted ImageOutput object can leak heap data. Available connected advisories confirm the root cause in DPXOutput::close() and classify the impact ...
CVE-2022-43595
CVE-2022-43595 is part of OpenImageIO OpenImageIO v2.4.4.2. It describes multiple denial-of-service vulnerabilities in the image output closing functionality, specifically leading to null pointer dereferences when handling ImageOutput and writing .fits files. The connected advisories confirm mult...
CVE-2022-43602
OpenImageIO vulnerabilities exist in IFFOutput::close() that can trigger heap buffer overflows when ymax is 0xFFFF and m_spec.format is TypeDesc::UINT8/UINT16, affecting OpenImageIO v2.4.4.2 (CVE-2022-43599/43600/43601 and related CVEs). Public advisories (Debian DSA-5384, GLSA-202305-33, Mageia ...
CVE-2022-41684
A heap out of bounds read vulnerability exists in the OpenImageIO master-branch-9aeece7a when parsing the image file directory part of a PSD image file. A specially-crafted .psd file can cause a read of arbitrary memory address which can lead to denial of service. An attacker can provide a...
CVE-2022-41977
An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A specially-crafted TIFF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2022-43597
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This...
CVE-2022-38143
A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to arbitrary out of bounds memory, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this...
CVE-2022-41988
An information disclosure vulnerability exists in the OpenImageIO::decodeiptciim functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2022-41999
A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability...
OpenImageIO heap out-of-bounds write vulnerability
OpenImageIO is an image read and write library that also provides several tools and applications. OpenImageIO v2.3.19.0 is vulnerable to a heap out-of-bounds write vulnerability when processing RLE-encoded BMP images. An attacker could exploit this vulnerability to write arbitrary out-of-bounds...
OpenImageIO Out-of-Bounds Read Vulnerability
OpenImageIO is an image read/write library, along with a number of tools and applications. An out-of-bounds read vulnerability exists in OpenImageIO. The vulnerability is caused due to an out-of-bounds read vulnerability when processing string fields in TIFF image files. An attacker can exploit...
OpenImageIO Heap Out-of-Bounds Read Vulnerability (CNVD-2023-01796)
OpenImageIO is an image read and write library that also provides several tools and applications. OpenImageIO v2.3.19.0 suffers from a heap out-of-bounds read vulnerability when processing IPTC data. An attacker could exploit this vulnerability to read heap memory via specially crafted TIFF files...
OpenImageIO heap out-of-bounds read vulnerability
OpenImageIO is an image read and write library that also provides several tools and applications. openImageIO is vulnerable to a heap out-of-bounds read vulnerability. An attacker can exploit this vulnerability to read heap metadata out of bounds via specially crafted RLA files, which can lead to...
OpenImageIO Heap Buffer Overflow Vulnerability
OpenImageIO is an image read and write library that also provides several tools and applications. a heap buffer overflow vulnerability exists in the PSD thumbnail resource parsing code in OpenImageIO v2.3.19.0. An attacker can exploit this vulnerability to cause arbitrary code execution via...
OpenImageIO Information Disclosure Vulnerability
OpenImageIO is an image read/write library, along with a number of tools and applications. OpenImageIO suffers from an information disclosure vulnerability that is caused by a flaw in the IFFOutput channel interleaving function. An attacker can exploit this vulnerability to obtain sensitive...