CVSS: 8.1EPSS: 1%CPEs: 2EXPL: 1CVE-2022-43600 – Debian Security Advisory 5384-1
https://notcve.org/view.php?id=CVE-2022-43600
22 Dec 2022 — Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT16` Existen múltiples vulnerabilidades de ejecución de código en la funcionalidad IFFOutput::close() de OpenImageIO Project Ope... • https://security.gentoo.org/glsa/202305-33 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.1EPSS: 1%CPEs: 2EXPL: 1CVE-2022-43601 – Debian Security Advisory 5384-1
https://notcve.org/view.php?id=CVE-2022-43601
22 Dec 2022 — Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `ymax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT16` Existen múltiples vulnerabilidades de ejecución de código en la funcionalidad IFFOutput::close() del proyecto OpenImageIO O... • https://security.gentoo.org/glsa/202305-33 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.1EPSS: 1%CPEs: 2EXPL: 1CVE-2022-43602 – Debian Security Advisory 5384-1
https://notcve.org/view.php?id=CVE-2022-43602
22 Dec 2022 — Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `ymax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8` Existen múltiples vulnerabilidades de ejecución de código en la funcionalidad IFFOutput::close() del proyecto OpenImageIO Op... • https://security.gentoo.org/glsa/202305-33 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1CVE-2022-43603 – Debian Security Advisory 5384-1
https://notcve.org/view.php?id=CVE-2022-43603
22 Dec 2022 — A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability. Existe una vulnerabilidad de Denegación de Servicio (DoS) en la funcionalidad ZfileOutput::close() de OpenImageIO Project OpenImageIO v2.4.4.2. Un objeto ImageOutput especialmente manipulado puede provocar una Denegación de Servicio (DoS). • https://security.gentoo.org/glsa/202305-33 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-41999 – Debian Security Advisory 5384-1
https://notcve.org/view.php?id=CVE-2022-41999
22 Dec 2022 — A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability. Existe una vulnerabilidad de Denegación de Servicio (DoS) en la funcionalidad de lectura de mosaicos nativos DDS de OpenImageIO Project OpenImageIO v2.3.19.0 y v2.4.4.2. Un .dds especialmente manipulado puede provocar una Denegación de Ser... • https://security.gentoo.org/glsa/202305-33 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-41837 – Debian Security Advisory 5384-1
https://notcve.org/view.php?id=CVE-2022-41837
22 Dec 2022 — An out-of-bounds write vulnerability exists in the OpenImageIO::add_exif_item_to_spec functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially-crafted exif metadata can lead to stack-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability. Existe una vulnerabilidad de escritura fuera de los límites en la funcionalidad OpenImageIO::add_exif_item_to_spec de OpenImageIO Project OpenImageIO v2.4.4.2. Los metadatos exif especialmente manipulados pueden provocar... • https://lists.debian.org/debian-lts-announce/2023/08/msg00005.html • CWE-562: Return of Stack Variable Address CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2022-41838 – Debian Security Advisory 5384-1
https://notcve.org/view.php?id=CVE-2022-41838
22 Dec 2022 — A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. Existe una vulnerabilidad de ejecución de código en la funcionalidad de análisis de línea de exploración DDS de OpenImageIO Project OpenImageIO v2.4.4.2. Un .dds especialmente manipulado puede provocar un desbordamiento de búfer de almacenamiento dinámic... • https://security.gentoo.org/glsa/202305-33 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •