CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-3430 – Openimageio: heap-buffer-overflow in file src/gif.imageio/gifinput.cpp
https://notcve.org/view.php?id=CVE-2023-3430
A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service. Se encontró una vulnerabilidad en OpenImageIO, donde existe un desbordamiento de búfer de almacenamiento dinámico en el archivo src/gif.imageio/gifinput.cpp. Este fallo permite que un atacante remoto pase un archivo especialmente manipulado a la aplicación, lo que desencadena un desbordamiento de búfer de almacenamiento dinámico y podría causar una falla, lo que llevaría a una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=2218380 https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/3840 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-42299
https://notcve.org/view.php?id=CVE-2023-42299
Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function. Vulnerabilidad de desbordamiento de búfer en OpenImageIO oiio v.2.4.12.0 permite a un atacante remoto ejecutar código arbitrario y provocar una denegación de servicio a través de la función read_subimage_data. • https://github.com/OpenImageIO/oiio/issues/3840 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-42295
https://notcve.org/view.php?id=CVE-2023-42295
An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c Un problema en OpenImageIO oiio v.2.4.12.0 permite a un atacante remoto ejecutar código arbitrario y provocar una denegación de servicio a través de la función read_rle_image del archivo bifs/unquantize.c • https://github.com/OpenImageIO/oiio/issues/3947 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-36183
https://notcve.org/view.php?id=CVE-2023-36183
Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function. • https://github.com/OpenImageIO/oiio/issues/3871 https://lists.debian.org/debian-lts-announce/2023/08/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPHVMLS2LYMLURWFL7CMZ3Y7UMW3M4AW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OYFTS5LK725R6KVIYJVTPN3A6B6C7E6D • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24473
https://notcve.org/view.php?id=CVE-2023-24473
An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1707 • CWE-125: Out-of-bounds Read •