CVE-2023-24473
https://notcve.org/view.php?id=CVE-2023-24473
An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1707 • CWE-125: Out-of-bounds Read •
CVE-2023-22845
https://notcve.org/view.php?id=CVE-2023-22845
An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1708 • CWE-125: Out-of-bounds Read •
CVE-2023-24472
https://notcve.org/view.php?id=CVE-2023-24472
A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability. • https://lists.debian.org/debian-lts-announce/2023/08/msg00005.html https://talosintelligence.com/vulnerability_reports/TALOS-2023-1709 • CWE-674: Uncontrolled Recursion •
CVE-2022-43603
https://notcve.org/view.php?id=CVE-2022-43603
A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability. Existe una vulnerabilidad de Denegación de Servicio (DoS) en la funcionalidad ZfileOutput::close() de OpenImageIO Project OpenImageIO v2.4.4.2. Un objeto ImageOutput especialmente manipulado puede provocar una Denegación de Servicio (DoS). • https://security.gentoo.org/glsa/202305-33 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1657 https://www.debian.org/security/2023/dsa-5384 • CWE-476: NULL Pointer Dereference •
CVE-2022-43602
https://notcve.org/view.php?id=CVE-2022-43602
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `ymax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8` Existen múltiples vulnerabilidades de ejecución de código en la funcionalidad IFFOutput::close() del proyecto OpenImageIO OpenImageIO v2.4.4.2. Un objeto ImageOutput especialmente diseñado puede provocar un desbordamiento de búfer de almacenamiento dinámico. Un atacante puede proporcionar información maliciosa para desencadenar estas vulnerabilidades. • https://security.gentoo.org/glsa/202305-33 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656 https://www.debian.org/security/2023/dsa-5384 • CWE-122: Heap-based Buffer Overflow •