CVE-2022-41999

A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2022-41999

A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability...

OpenImageIO DDS scanline parsing code execution vulnerability

Talos Vulnerability Report TALOS-2022-1634 OpenImageIO DDS scanline parsing code execution vulnerability December 22, 2022 CVE Number CVE-2022-41838 SUMMARY A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A...

OpenImageIO DDS native tile reading denial of service vulnerability

Talos Vulnerability Report TALOS-2022-1635 OpenImageIO DDS native tile reading denial of service vulnerability December 22, 2022 CVE Number CVE-2022-41999 SUMMARY A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and...

CVE-2021-43547 TwinOaks Computing CoreDX DDS Secure Network Amplification

TwinOaks Computing CoreDX DDS versions prior to 5.9.1 are susceptible to exploitation when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure...

CVE-2022-0544

CVE-2022-0544 concerns Blender’s DDS loader, where an integer underflow can trigger an out-of-bounds read. The vulnerability affects Blender versions prior to 2.83.19, 2.93.8, and 3.1, as described in connected sources. The issue arises in how the DDS image is parsed, potentially allowing an atta...

Apple macOS ImageIO DDS image out-of-bounds read vulnerability

Summary An out-of-bounds read vulnerability exists in the DDS image parsing functionality of ImageIO library on Apple macOS Big Sur 11.6.1 and iOS 15.1. A specially-crafted DDS file can disclose sensitive memory content which can aid in exploitation of other vulnerabilities. An attacker can deliv...

CVE-2020-18734

CVE-2020-18734 involves a stack buffer overflow in /ddsi/q_bitset.h of Eclipse Cyclone DDS Project v0.1.0, which can cause the DDS subscriber server to crash. Connected sources confirm the affected component and file path, with no publicly documented exploitation details in the provided documents...

CVE-2019-19627

SROS 2 0.8.1 after CVE-2019-19625 is mitigated leaks ROS 2 node-related information regardless of the rtpsprotectionkind configuration. SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2...

CVE-2019-19625

SROS 2 0.8.1 which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2 leaks node information due to a leaky default configuration as indicated in the policy/defaults/dds/governance.xml document...

CVE-2019-19627

SROS 2 0.8.1 after CVE-2019-19625 is mitigated leaks ROS 2 node-related information regardless of the rtpsprotectionkind configuration. SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2...

CVE-2019-19625

SROS 2 0.8.1 which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2 leaks node information due to a leaky default configuration as indicated in the policy/defaults/dds/governance.xml document...

Design/Logic Flaw

SROS 2 0.8.1 after CVE-2019-19625 is mitigated leaks ROS 2 node-related information regardless of the rtpsprotectionkind configuration. SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2...

CVE-2019-19625

SROS 2 0.8.1 which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2 leaks node information due to a leaky default configuration as indicated in the policy/defaults/dds/governance.xml document...

CVE-2019-19625

CVE-2019-19625 affects SROS 2 0.8.1 (used with ROS 2) where a leaky default configuration in policy/defaults/dds/governance.xml leads to disclosure of node information. The vulnerability stems from how keys are generated/distributed by SROS 2 and its reliance on DDS security plugins; the leak is ...

CVE-2019-19627

SROS 2 0.8.1 after CVE-2019-19625 is mitigated leaks ROS 2 node-related information regardless of the rtpsprotectionkind configuration. SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2...

CVE-2019-19627

CVE-2019-19627 concerns SROS 2.0.8.1 leaking ROS 2 node–related information regardless of rtps_protection_kind, due to insecure/default configuration behavior described in related CVEs (notably CVE-2019-19625). The vulnerability centers on information disclosure of node details from SROS2/DDS int...

Design/Logic Flaw

The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings instead of the permission expressions themselves, which can lead to unintended connections between participants in a Data Distribution Service DDS network...

CVE-2019-15137

The CVE-2019-15137 vulnerability affects the Access Control plugin in eProsima Fast RTPS (through version 1.9.0). The root cause is that fnmatch pattern matching is applied to topic name strings instead of the permission expressions themselves, enabling unintended connections between participants...

CVE-2015-8959

coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service CPU consumption via a crafted DDS file...