5 matches found
Fedora 36 : OpenImageIO (2022-e63bc3eca2)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-e63bc3eca2 advisory. Update to 2.3.21.0. Security fix for CVE-2022-36354 CVE-2022-38143 CVE-2022-41639 CVE-2022-41684 CVE-2022-41794 CVE-2022-41838 CVE-2022-41977...
CVE-2022-41838
CVE-2022-41838: OpenImageIO v2.4.4.2 DDS scanline parsing contains a heap buffer overflow when processing a specially crafted .dds, enabling code execution as described in multiple advisories. Connected sources indicate remediation via upgrading to OpenImageIO 2.4.6.0 or newer (e.g., Gentoo/Magei...
OpenImageIO code execution vulnerability
OpenImageIO is an image read and write library that also provides several tools and applications. a code execution vulnerability exists in the OpenImageIO DDS scanline parsing feature. An attacker could exploit the vulnerability to cause a heap buffer overflow via a specially crafted .dds...
CVE-2022-41838
A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...
Heap overflow
A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...