Openimageio Project Openimageio vulnerabilities

CVE-2022-43594 [MEDIUM] CWE-476 CVE-2022-43594: Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenIm Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .bmp fil

CVE-2022-43596 [MEDIUM] CWE-125 CVE-2022-43596: An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality o An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.

CVE-2022-36354 [MEDIUM] CWE-193 CVE-2022-36354: A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensitive information leak. An attacker can provide a malicio

CVE-2022-43603 [MEDIUM] CWE-476 CVE-2022-43603: A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Pr A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-43593 [MEDIUM] CWE-476 CVE-2022-43593: A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Proj A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to null pointer dereference. An attacker can provide malicious input to trigger this vulnerability.

CVE-2022-41684 [MEDIUM] CWE-125 CVE-2022-41684: A heap out of bounds read vulnerability exists in the OpenImageIO master-branch-9aeece7a when parsin A heap out of bounds read vulnerability exists in the OpenImageIO master-branch-9aeece7a when parsing the image file directory part of a PSD image file. A specially-crafted .psd file can cause a read of arbitrary memory address which can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-41977 [LOW] CWE-125 CVE-2022-41977: An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A specially-crafted TIFF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.