CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.001 Low
Percentile: 28.4%
libOpenImageIO.so is vulnerable to buffer overflows. The vulnerability exists in the readimg function in icoinput.cpp, which does not handle the buffer size, allowing an attacker to cause an application crash.
github.com/advisories/GHSA-m2x2-7xv3-gc3m
github.com/OpenImageIO/oiio/commit/aad99bad9a4f6b965f99a291f9c67458c8c982e8
github.com/OpenImageIO/oiio/issues/3871
lists.debian.org/debian-lts-announce/2023/08/msg00005.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPHVMLS2LYMLURWFL7CMZ3Y7UMW3M4AW/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OYFTS5LK725R6KVIYJVTPN3A6B6C7E6D/