Lucene search
K

10 matches found

OSV
OSV
added 2025/07/31 7:12 p.m.3 views

GHSA-H45X-QHG2-Q375 OpenEXR Heap-Based Buffer Overflow in Deep Scanline Parsing via Forged Unpacked Size

Summary The OpenEXRCore code is vulnerable to a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. Details When parsing STORAGEDEEPSCANLINE chunks from an EXR file, the following code from...

8.4CVSS8AI score0.00312EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2025/07/31 7:12 p.m.8 views

OpenEXR Heap-Based Buffer Overflow in Deep Scanline Parsing via Forged Unpacked Size

Summary The OpenEXRCore code is vulnerable to a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. Details When parsing STORAGEDEEPSCANLINE chunks from an EXR file, the following code from...

8.4CVSS7.3AI score0.00312EPSS
Exploits1References6Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 3:23 a.m.5 views

SUSE CVE-2022-41838

A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS9.7AI score0.01813EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2022/12/31 12:0 a.m.47 views

Fedora 36 : OpenImageIO (2022-e63bc3eca2)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-e63bc3eca2 advisory. Update to 2.3.21.0. Security fix for CVE-2022-36354 CVE-2022-38143 CVE-2022-41639 CVE-2022-41684 CVE-2022-41794 CVE-2022-41838 CVE-2022-41977...

9.8CVSS7.1AI score0.01854EPSS
Exploits13References12
CVE
CVE
added 2022/12/23 11:3 p.m.89 views

CVE-2022-41838

CVE-2022-41838: OpenImageIO v2.4.4.2 DDS scanline parsing contains a heap buffer overflow when processing a specially crafted .dds, enabling code execution as described in multiple advisories. Connected sources indicate remediation via upgrading to OpenImageIO 2.4.6.0 or newer (e.g., Gentoo/Magei...

9.8CVSS9.4AI score0.01813EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2022/12/23 12:0 a.m.20 views

OpenImageIO code execution vulnerability

OpenImageIO is an image read and write library that also provides several tools and applications. a code execution vulnerability exists in the OpenImageIO DDS scanline parsing feature. An attacker could exploit the vulnerability to cause a heap buffer overflow via a specially crafted .dds...

9.8CVSS4.5AI score0.01813EPSS
Exploits1References1
OSV
OSV
added 2022/12/22 10:15 p.m.21 views

CVE-2022-41838

A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS9.6AI score0.01813EPSS
Exploits1References5
Prion
Prion
added 2022/12/22 10:15 p.m.19 views

Heap overflow

A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

7.5CVSS9.5AI score0.01813EPSS
Exploits1References3Affected Software2
OSV
OSV
added 2022/12/22 10:15 p.m.2 views

UBUNTU-CVE-2022-41838

A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS8AI score0.01813EPSS
Exploits1References3
Talos
Talos
added 2022/12/22 12:0 a.m.36 views

OpenImageIO DDS scanline parsing code execution vulnerability

Talos Vulnerability Report TALOS-2022-1634 OpenImageIO DDS scanline parsing code execution vulnerability December 22, 2022 CVE Number CVE-2022-41838 SUMMARY A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A...

9.8CVSS9.5AI score0.01813EPSS
Exploits1
Rows per page
Query Builder