OpenImageIO (OIIO) 2.3.19.0

CPE Details

OpenImageIO (OIIO) 2.3.19.0
2.3.19.0
2022-12-28
18h38 +00:00
2023-04-04
17h10 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:openimageio:openimageio:2.3.19.0:*:*:*:*:*:*:*

Informations

Vendor

openimageio

Product

openimageio

Version

2.3.19.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-36183 2023-07-02
22h00 +00:00
Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function.
7.8
High
CVE-2022-36354 2022-12-23
23h03 +00:00
A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensitive information leak. An attacker can provide a malicious file to trigger this vulnerability.
5.3
Medium
CVE-2022-38143 2022-12-23
23h03 +00:00
A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to arbitrary out of bounds memory, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
9.8
Critical
CVE-2022-41639 2022-12-23
23h03 +00:00
A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
9.8
Critical
CVE-2022-41649 2022-12-23
23h03 +00:00
A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger this vulnerability.
9.1
Critical
CVE-2022-41794 2022-12-23
23h03 +00:00
A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
9.8
Critical
CVE-2022-41977 2022-12-23
23h03 +00:00
An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A specially-crafted TIFF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
3.3
Low
CVE-2022-41981 2022-12-23
23h03 +00:00
A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead to out of bounds read and write on the process stack, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
8.1
High
CVE-2022-41988 2022-12-23
23h03 +00:00
An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.
7.5
High
CVE-2022-41999 2022-12-23
23h03 +00:00
A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.
7.5
High