10 matches found
GHSA-H45X-QHG2-Q375 OpenEXR Heap-Based Buffer Overflow in Deep Scanline Parsing via Forged Unpacked Size
Summary The OpenEXRCore code is vulnerable to a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. Details When parsing STORAGEDEEPSCANLINE chunks from an EXR file, the following code from...
OpenEXR Heap-Based Buffer Overflow in Deep Scanline Parsing via Forged Unpacked Size
Summary The OpenEXRCore code is vulnerable to a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. Details When parsing STORAGEDEEPSCANLINE chunks from an EXR file, the following code from...
SUSE CVE-2022-41838
A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...
Fedora 36 : OpenImageIO (2022-e63bc3eca2)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-e63bc3eca2 advisory. Update to 2.3.21.0. Security fix for CVE-2022-36354 CVE-2022-38143 CVE-2022-41639 CVE-2022-41684 CVE-2022-41794 CVE-2022-41838 CVE-2022-41977...
CVE-2022-41838
CVE-2022-41838: OpenImageIO v2.4.4.2 DDS scanline parsing contains a heap buffer overflow when processing a specially crafted .dds, enabling code execution as described in multiple advisories. Connected sources indicate remediation via upgrading to OpenImageIO 2.4.6.0 or newer (e.g., Gentoo/Magei...
OpenImageIO code execution vulnerability
OpenImageIO is an image read and write library that also provides several tools and applications. a code execution vulnerability exists in the OpenImageIO DDS scanline parsing feature. An attacker could exploit the vulnerability to cause a heap buffer overflow via a specially crafted .dds...
CVE-2022-41838
A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...
Heap overflow
A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...
UBUNTU-CVE-2022-41838
A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...
OpenImageIO DDS scanline parsing code execution vulnerability
Talos Vulnerability Report TALOS-2022-1634 OpenImageIO DDS scanline parsing code execution vulnerability December 22, 2022 CVE Number CVE-2022-41838 SUMMARY A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A...