Debian Openimageio vulnerabilities

36 known vulnerabilities affecting debian/openimageio.

Total CVEs: 36
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 10, HIGH 15, MEDIUM 10, LOW 1

Vulnerabilities

Page 1 of 2
CVE-2024-55192 [CRITICAL] CVSS 9.8, fixed in openimageio 2.5.19.1+dfsg-2 (sid), 2024
OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component OpenImageIO_v3_1_0::farmhash::inlined::Fetch64(char const*).
Scope: local
bookworm: open, bullseye: open, forky: open, sid: resolved (fixed in 2.5.19.1+dfsg-2), trixie: open

CVE-2024-55193 [CRITICAL] CVSS 9.8, 2024
OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenImageIO/string_view.h.
Scope: local
bookworm: open, bullseye: open, forky: open, sid: open, trixie: open

CVE-2024-55194 [CRITICAL] CVSS 9.8, 2024
OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h.
Scope: local
bookworm: open, bullseye: open, forky: open, sid: open, trixie: open

CVE-2024-55195 [HIGH] CVSS 7.5, fixed in openimageio 2.5.18.0+dfsg-1 (forky), 2024
An allocation-size-too-big bug in the component /imagebuf.cpp of OpenImageIO v3.1.0.0dev may cause a Denial of Service (DoS) when the program requests to allocate too much space.
Scope: local
bookworm: open, bullseye: open, forky: resolved (fixed in 2.5.18.0+dfsg-1), sid: resolved (fixed in 2.5.18.0+dfsg-1), trixie: resolved (fixed in 2.5.18.0+dfsg-1)

CVE-2024-40630 [MEDIUM] CVSS 4.3, fixed in openimageio 2.5.14.0+dfsg-1 (forky), 2024
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation via a format-agnostic API with a feature set, scalability, and robustness needed for feature film production. In affected versions there is a bug in the heif input functionality of OpenImageIO. Specifically, in `HeifInput::seek_subim

CVE-2023-42299 [CRITICAL] CVSS 9.8, fixed in openimageio 2.4.13.0+dfsg-1 (forky), 2023
Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function.
Scope: local
bookworm: open, bullseye: open, forky: resolved (fixed in 2.4.13.0+dfsg-1), sid: resolved (fixed in 2.4.13.0+dfsg-1), trixie: resolved (fixed in 2.4.13.0+dfsg-1)

CVE-2023-36183 [HIGH] CVSS 7.8, fixed in openimageio 2.4.13.0+dfsg-1 (forky), 2023
Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function.
Scope: local
bookworm: open, bullseye: open, forky: resolved (fixed in 2.4.13.0+dfsg-1), sid: resolved (fixed in 2.4.13.0+dfsg-1), trixie: resolved (fixed in 2.4.13.0+dfsg-1)

CVE-2023-42295 [HIGH] CVSS 8.8, fixed in openimageio 2.4.16.0+dfsg-1 (forky), 2023
An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c.
Scope: local
bookworm: open, bullseye: open, forky: resolved (fixed in 2.4.16.0+dfsg-1), sid: resolved (fixed in 2.4.16.0+dfsg-1), trixie: resolved (fixed in 2.4.16.0+dfsg-1)

CVE-2023-22845 [HIGH] CVSS 7.5, fixed in openimageio 2.4.13.0+dfsg-1 (forky), 2023
An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
Scope: local
bookworm: open, bullseye: open, forky: resolved (fixed in 2.4.13.0+dfsg-1), sid:

CVE-2023-3430 [HIGH] CVSS 7.5, fixed in openimageio 2.4.13.0+dfsg-1 (forky), 2023
A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service.
Scope: local
bookworm: open, bullseye: open, forky: resolve

CVE-2023-24472 [HIGH] CVSS 7.5, fixed in openimageio 2.4.13.0+dfsg-1 (forky), 2023
A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability.
Scope: local
bookworm: open, bullseye: open, forky: resolved (fixed in 2.4.13.0+dfsg-1), sid: resol

CVE-2023-24473 [MEDIUM] CVSS 5.3, fixed in openimageio 2.4.13.0+dfsg-1 (forky), 2023
An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.
Scope: local
bookworm: open, bullseye: open, forky: resolved (fixed in

CVE-2022-41639 [CRITICAL] CVSS 9.8, fixed in openimageio 2.3.21.0+dfsg-1 (bookworm), 2022
A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Scope: local
bookw

CVE-2022-41837 [CRITICAL] CVSS 9.8, fixed in openimageio 2.4.7.1+dfsg-2 (bookworm), 2022
An out-of-bounds write vulnerability exists in the OpenImageIO::add_exif_item_to_spec functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially-crafted exif metadata can lead to stack-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
Scope: local
bookworm: resolved (fixed in 2.4.7.1+dfsg-2), bullseye:

CVE-2022-41838 [CRITICAL] CVSS 9.8, fixed in openimageio 2.4.7.1+dfsg-2 (bookworm), 2022
A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Scope: local
bookworm: resolved (fixed in 2.4.7.1+dfsg-2), bullseye: resolved (fixed in 2.2.10.1+dfsg-1

CVE-2022-38143 [CRITICAL] CVSS 9.8, fixed in openimageio 2.4.7.1+dfsg-2 (bookworm), 2022
A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to arbitrary out of bounds memory, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Scope: local
bookworm: resolved (fixed in 2.4.7.1+dfsg-

CVE-2022-41649 [CRITICAL] CVSS 9.1, fixed in openimageio 2.4.7.1+dfsg-2 (bookworm), 2022
A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger this vulnerability.
Scope: local
bookworm: resolved (fixed in

CVE-2022-41794 [CRITICAL] CVSS 9.8, fixed in openimageio 2.4.7.1+dfsg-2 (bookworm), 2022
A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Scope: local
bookworm: resolved (fixed in 2.4.7.1+dfsg-2), bullseye: resolved (fixed in 2.2.10.1+dfsg-1+

CVE-2022-43597 [HIGH] CVSS 8.1, fixed in openimageio 2.4.7.1+dfsg-2 (bookworm), 2022
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT8`

CVE-2022-43600 [HIGH] CVSS 8.1, fixed in openimageio 2.4.7.1+dfsg-2 (bookworm), 2022
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.forma