Debian Openimageio vulnerabilities

CVE-2022-43599 [HIGH] CVE-2022-43599: openimageio - Multiple code execution vulnerabilities exist in the IFFOutput::close() function... Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.forma

CVE-2022-43598 [HIGH] CVE-2022-43598: openimageio - Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padd... Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT16

CVE-2022-41981 [HIGH] CVE-2022-41981: openimageio - A stack-based buffer overflow vulnerability exists in the TGA file format parser... A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead to out of bounds read and write on the process stack, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Scope: local bookworm: resolved (fixed in 2.4.7

CVE-2022-41988 [HIGH] CVE-2022-41988: openimageio - An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_i... An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability. Scope: local bookworm: resolved (fixed in 2.3.21.0+dfsg-1) bullsey

CVE-2022-43601 [HIGH] CVE-2022-43601: openimageio - Multiple code execution vulnerabilities exist in the IFFOutput::close() function... Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `ymax` variable is set to 0xFFFF and `m_spec.forma

CVE-2022-41999 [HIGH] CVE-2022-41999: openimageio - A denial of service vulnerability exists in the DDS native tile reading function... A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability. Scope: local bookworm: resolved (fixed in 2.4.7.1+dfsg-2) bullseye: resolved (fixed in 2.2.

CVE-2022-43602 [HIGH] CVE-2022-43602: openimageio - Multiple code execution vulnerabilities exist in the IFFOutput::close() function... Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `ymax` variable is set to 0xFFFF and `m_spec.forma

CVE-2022-43603 [MEDIUM] CVE-2022-43603: openimageio - A denial of service vulnerability exists in the ZfileOutput::close() functionali... A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability. Scope: local bookworm: resolved (fixed in 2.4.7.1+dfsg-2) bullseye: resolved (fixed in 2.2.1

CVE-2022-43594 [MEDIUM] CVE-2022-43594: openimageio - Multiple denial of service vulnerabilities exist in the image output closing fun... Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .bmp files. Scope:

CVE-2022-43596 [MEDIUM] CVE-2022-43596: openimageio - An information disclosure vulnerability exists in the IFFOutput channel interlea... An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability. Scope: local bookworm: resolved (fixed in 2.4.7.1+dfsg-2) bullseye: resolved (

CVE-2022-43593 [MEDIUM] CVE-2022-43593: openimageio - A denial of service vulnerability exists in the DPXOutput::close() functionality... A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to null pointer dereference. An attacker can provide malicious input to trigger this vulnerability. Scope: local bookworm: resolved (fixed in 2.4.7.1+dfsg-2) bullseye: resolved (fixed in 2

CVE-2022-43592 [MEDIUM] CVE-2022-43592: openimageio - An information disclosure vulnerability exists in the DPXOutput::close() functio... An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability. Scope: local bookworm: resolved (fixed in 2.4.7.1+dfsg-2) bullseye: resolved (fixed in 2.2

CVE-2022-43595 [MEDIUM] CVE-2022-43595: openimageio - Multiple denial of service vulnerabilities exist in the image output closing fun... Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .fits files. Scope:

CVE-2022-41684 [MEDIUM] CVE-2022-41684: openimageio - A heap out of bounds read vulnerability exists in the OpenImageIO master-branch-... A heap out of bounds read vulnerability exists in the OpenImageIO master-branch-9aeece7a when parsing the image file directory part of a PSD image file. A specially-crafted .psd file can cause a read of arbitrary memory address which can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability. Scope: local bookworm: re

CVE-2022-36354 [MEDIUM] CVE-2022-36354: openimageio - A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenI... A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensitive information leak. An attacker can provide a malicious file to

CVE-2022-41977 [LOW] CVE-2022-41977: openimageio - An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.1... An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A specially-crafted TIFF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. Scope: local bookworm: resolved (fixed in 2.3.21.0+dfsg-1) bullseye: resolved (fixed in 2.2.10.1+d