CVE-2022-41794
https://notcve.org/view.php?id=CVE-2022-41794
A heap-based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. • https://lists.debian.org/debian-lts-announce/2023/08/msg00005.html https://security.gentoo.org/glsa/202305-33 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1626 https://www.debian.org/security/2023/dsa-5384 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2022-41649
https://notcve.org/view.php?id=CVE-2022-41649
A heap out-of-bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger this vulnerability. • https://lists.debian.org/debian-lts-announce/2023/08/msg00005.html https://security.gentoo.org/glsa/202305-33 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1631 https://www.debian.org/security/2023/dsa-5384 • CWE-125: Out-of-bounds Read •
CVE-2022-41639
https://notcve.org/view.php?id=CVE-2022-41639
A heap-based buffer overflow vulnerability exists in the tile decoding code of the TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially crafted TIFF file can lead to out-of-bounds memory corruption, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. • https://security.gentoo.org/glsa/202305-33 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1633 https://www.debian.org/security/2023/dsa-5384 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2022-36354
https://notcve.org/view.php?id=CVE-2022-36354
A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0, specifically in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata, which can result in a sensitive information leak. An attacker can provide a malicious file to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1629 • CWE-193: Off-by-one Error •
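The RLA entry above classifies the bug as an off-by-one in run-length span handling. The following is an added example, not OpenImageIO code and not the RLA on-disk format: it decodes a constructed PackBits-style encoding (an assumption chosen for illustration) and shows the exact arithmetic where an off-by-one creeps in. A control byte below 128 means "copy c + 1 literal bytes"; a decoder that checks the raw control byte against the remaining input instead of c + 1 accepts a span that reads one byte past the buffer. Both predicates are shown so the flawed one can be compared without executing an out-of-bounds read; the decoder itself uses the correct checks on both input and output.

```c
/* Added example (not OpenImageIO code). Constructed PackBits-style RLE:
 *   control c < 128  -> literal run: copy the next (c + 1) input bytes
 *   control c >= 128 -> repeat run:  emit the next input byte (257 - c) times
 * The encoding is an assumption for illustration, not the RLA format. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flawed length check (CWE-193): compares the control byte, not the run
 * length c + 1, against the bytes left. Accepts c == remaining, which
 * would copy one byte past the end of the input. Shown for comparison only. */
int literal_fits_flawed(uint8_t c, size_t remaining) {
    return (size_t)c <= remaining;
}

/* Correct check: the run is c + 1 bytes long, so that is what must fit. */
int literal_fits(uint8_t c, size_t remaining) {
    return (size_t)c + 1 <= remaining;
}

/* Decodes in[0..in_len) into out (capacity out_cap).
 * Returns the number of bytes written, or -1 if the stream is malformed
 * or the decoded data would not fit. Never reads or writes out of bounds. */
long rle_decode(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_cap) {
    size_t ip = 0, op = 0;
    while (ip < in_len) {
        uint8_t c = in[ip++];
        if (c < 128) {
            size_t n = (size_t)c + 1;               /* literal run length */
            if (!literal_fits(c, in_len - ip)) return -1; /* truncated input */
            if (n > out_cap - op) return -1;        /* output would overflow */
            memcpy(out + op, in + ip, n);
            ip += n;
            op += n;
        } else {
            size_t n = 257 - (size_t)c;             /* repeat count, 2..129 */
            if (ip >= in_len) return -1;            /* no byte to repeat */
            if (n > out_cap - op) return -1;        /* output would overflow */
            memset(out + op, in[ip], n);
            ip += 1;
            op += n;
        }
    }
    return (long)op;
}

int main(void) {
    /* Constructed sample: literal "abc" (c = 2 -> 3 bytes), then 'x' x3 (c = 0xFE -> 257 - 254). */
    const uint8_t sample[] = { 0x02, 'a', 'b', 'c', 0xFE, 'x' };
    const uint8_t truncated[] = { 0x02, 'a', 'b' };   /* claims 3 literals, has 2 */
    uint8_t out[16];

    long n = rle_decode(sample, sizeof sample, out, sizeof out);
    printf("sample: %ld bytes -> %.*s\n", n, (int)n, (const char *)out);
    printf("truncated: %ld\n", rle_decode(truncated, sizeof truncated, out, sizeof out));
    printf("flawed check accepts c=2 with 2 bytes left: %d, correct check: %d\n",
           literal_fits_flawed(2, 2), literal_fits(2, 2));
    return 0;
}
```

The lesson generalises beyond this constructed encoding: whenever a length is stored with a bias (count minus one, count plus one), the bounds check must be made on the decoded length, and the output capacity must be checked independently of the input bound.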
CVE-2022-23537 – PJSIP vulnerable to heap buffer overflow when decoding STUN message
https://notcve.org/view.php?id=CVE-2022-23537
PJSIP is a free and open source multimedia communication library written in C implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. A buffer overread is possible when parsing a specially crafted STUN message with an unknown attribute. The vulnerability affects applications that use STUN, including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1). • https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1 https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
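The PJSIP entry describes an overread while parsing a STUN message carrying an unknown attribute. The following is an added example, not PJSIP code and not a description of PJSIP's bug: a bounded walk over STUN attributes as laid out in RFC 5389 (20-byte header, then type/length/value attributes padded to 4 bytes, with the padding not counted in the length field). The point it makes is that an attribute the parser does not recognise still has to be skipped by its declared length, and that length has to be checked against the bytes actually present before anything is read. The sample message, the attribute type 0x00DE and the `stun_attr_stats` struct are constructed for this example.

```c
/* Added example (not PJSIP code): bounds-checked STUN attribute walk per RFC 5389.
 * Header: type(2) length(2) magic cookie(4) transaction id(12).
 * Attributes: type(2) length(2) value(length) then padding to a 4-byte boundary;
 * the header length field counts attributes including padding. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STUN_HDR_LEN   20
#define STUN_MAGIC     0x2112A442u
#define ATTR_USERNAME  0x0006          /* the one attribute type this example "knows" */

typedef struct {
    int total;             /* attributes walked */
    int known;             /* attributes whose type we recognise */
    int unknown_required;  /* unknown types < 0x8000 (comprehension-required, RFC 5389 7.3.1) */
} stun_attr_stats;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Returns 0 and fills st on a well-formed message, -1 if any length field
 * claims more bytes than msg_len provides. No read goes past msg + msg_len. */
int stun_walk_attrs(const uint8_t *msg, size_t msg_len, stun_attr_stats *st) {
    memset(st, 0, sizeof *st);
    if (msg_len < STUN_HDR_LEN) return -1;
    if (rd32(msg + 4) != STUN_MAGIC) return -1;
    size_t body_len = rd16(msg + 2);
    if (body_len % 4 != 0) return -1;                  /* body length must be a multiple of 4 */
    if (body_len > msg_len - STUN_HDR_LEN) return -1;  /* header claims more than we received */

    const uint8_t *p = msg + STUN_HDR_LEN;
    size_t remaining = body_len;
    while (remaining > 0) {
        if (remaining < 4) return -1;                  /* truncated attribute header */
        uint16_t type = rd16(p);
        size_t len = rd16(p + 2);
        size_t padded = (len + 3) & ~(size_t)3;
        if (padded > remaining - 4) return -1;         /* value (plus padding) runs past the body */
        const uint8_t *value = p + 4;                  /* value[0..len) is now safe to read */
        if (type == ATTR_USERNAME) {
            st->known++;
            (void)value;                               /* a real parser would decode it here */
        } else {
            /* Unknown attribute: skip it, but only by the length just checked.
             * Comprehension-required ones would trigger a 420 error response. */
            if (type < 0x8000) st->unknown_required++;
        }
        p += 4 + padded;
        remaining -= 4 + padded;
        st->total++;
    }
    return 0;
}

/* Constructed Binding Request: USERNAME "alice" (5 bytes + 3 pad) followed by an
 * unknown comprehension-required attribute 0x00DE (3 bytes + 1 pad). Body = 20 bytes. */
size_t build_sample_msg(uint8_t *buf, size_t cap) {
    static const uint8_t msg[] = {
        0x00, 0x01, 0x00, 0x14,                 /* Binding Request, body length 20 */
        0x21, 0x12, 0xA4, 0x42,                 /* magic cookie */
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,     /* transaction id (zeros for the sample) */
        0x00, 0x06, 0x00, 0x05, 'a', 'l', 'i', 'c', 'e', 0, 0, 0,
        0x00, 0xDE, 0x00, 0x03, 'a', 'b', 'c', 0
    };
    if (cap < sizeof msg) return 0;
    memcpy(buf, msg, sizeof msg);
    return sizeof msg;
}

int main(void) {
    uint8_t buf[64];
    stun_attr_stats st;
    size_t n = build_sample_msg(buf, sizeof buf);
    printf("well-formed: rc=%d total=%d known=%d unknown_required=%d\n",
           stun_walk_attrs(buf, n, &st), st.total, st.known, st.unknown_required);
    printf("truncated to 35 bytes: rc=%d\n", stun_walk_attrs(buf, 35, &st));
    buf[35] = 0xFF;                                    /* inflate the unknown attribute's length */
    printf("inflated unknown-attribute length: rc=%d\n", stun_walk_attrs(buf, n, &st));
    return 0;
}
```

Two checks do the work: the header's body length is capped by what was actually received, and each attribute's padded length is capped by what is left of the body before the value is touched, regardless of whether the type is recognised.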