CVE-2022-41838
https://notcve.org/view.php?id=CVE-2022-41838
A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
• https://security.gentoo.org/glsa/202305-33
• https://talosintelligence.com/vulnerability_reports/TALOS-2022-1634
• https://www.debian.org/security/2023/dsa-5384
• CWE-122: Heap-based Buffer Overflow
• CWE-787: Out-of-bounds Write
CVE-2022-41837
https://notcve.org/view.php?id=CVE-2022-41837
An out-of-bounds write vulnerability exists in the OpenImageIO::add_exif_item_to_spec functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially-crafted exif metadata can lead to stack-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
• https://lists.debian.org/debian-lts-announce/2023/08/msg00005.html
• https://security.gentoo.org/glsa/202305-33
• https://talosintelligence.com/vulnerability_reports/TALOS-2022-1636
• https://www.debian.org/security/2023/dsa-5384
• CWE-562: Return of Stack Variable Address
• CWE-787: Out-of-bounds Write