Openimageio Project Openimageio vulnerabilities

CVE-2023-22845 [HIGH] CWE-125 CVE-2023-22845: An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImag An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2023-24473 [HIGH] CWE-125 CVE-2023-24473: An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of Op An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2023-24472 [HIGH] CWE-674 CVE-2023-24472: A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Pro A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability.

CVE-2022-41837 [CRITICAL] CWE-562 CVE-2022-41837: An out-of-bounds write vulnerability exists in the OpenImageIO::add_exif_item_to_spec functionality An out-of-bounds write vulnerability exists in the OpenImageIO::add_exif_item_to_spec functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially-crafted exif metadata can lead to stack-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-41639 [CRITICAL] CWE-122 CVE-2022-41639: A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in Open A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-41649 [CRITICAL] CWE-125 CVE-2022-41649: A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF image A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-41838 [CRITICAL] CWE-122 CVE-2022-41838: A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Proje A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-38143 [CRITICAL] CWE-123 CVE-2022-38143: A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encod A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to arbitrary out of bounds memory, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-41794 [CRITICAL] CWE-122 CVE-2022-41794: A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of Open A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-43599 [HIGH] CWE-122 CVE-2022-43599: Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m

CVE-2022-43601 [HIGH] CWE-122 CVE-2022-43601: Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `ymax` variable is set to 0xFFFF and `m

CVE-2022-41999 [HIGH] CWE-476 CVE-2022-41999: A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-43602 [HIGH] CWE-122 CVE-2022-43602: Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `ymax` variable is set to 0xFFFF and `m

CVE-2022-41988 [HIGH] CWE-125 CVE-2022-41988: An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality o An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-43598 [HIGH] CWE-122 CVE-2022-43598: Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `m_spec.format` is `TypeD

CVE-2022-43597 [HIGH] CWE-122 CVE-2022-43597: Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `m_spec.format` is `TypeD

CVE-2022-43600 [HIGH] CWE-122 CVE-2022-43600: Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m

CVE-2022-41981 [HIGH] CWE-121 CVE-2022-41981: A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3 A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead to out of bounds read and write on the process stack, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-43592 [MEDIUM] CWE-125 CVE-2022-43592: An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageI An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.

CVE-2022-43595 [MEDIUM] CWE-476 CVE-2022-43595: Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenIm Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .fits fi