Filtered by vendor Openimageio
Subscriptions
Filtered by product Openimageio
Subscriptions
Total
35 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43603 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2025-04-14 | 5.9 Medium |
| A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2022-36354 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2025-04-14 | 5.3 Medium |
| A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensitive information leak. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2023-24472 | 1 Openimageio | 1 Openimageio | 2025-02-13 | 7.5 High |
| A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability. | ||||
| CVE-2022-43594 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2025-02-13 | 5.9 Medium |
| Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .bmp files. | ||||
| CVE-2022-38143 | 1 Openimageio | 1 Openimageio | 2025-02-13 | 9.8 Critical |
| A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to arbitrary out of bounds memory, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2024-55192 | 1 Openimageio | 1 Openimageio | 2025-02-05 | 9.8 Critical |
| OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component OpenImageIO_v3_1_0::farmhash::inlined::Fetch64(char const*). | ||||
| CVE-2024-55193 | 1 Openimageio | 1 Openimageio | 2025-01-29 | 6.5 Medium |
| OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenImageIO/string_view.h. | ||||
| CVE-2024-55194 | 1 Openimageio | 1 Openimageio | 2025-01-29 | 9.8 Critical |
| OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h. | ||||
| CVE-2023-36183 | 1 Openimageio | 1 Openimageio | 2024-11-25 | 7.8 High |
| Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function. | ||||
| CVE-2024-40630 | 1 Openimageio | 1 Openimageio | 2024-11-21 | 4.3 Medium |
| OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation via a format-agnostic API with a feature set, scalability, and robustness needed for feature film production. In affected versions there is a bug in the heif input functionality of OpenImageIO. Specifically, in `HeifInput::seek_subimage()`. In the worst case, this can lead to an information disclosure vulnerability, particularly for programs that directly use the `ImageInput` APIs. This bug has been addressed in commit `0a2dcb4c` which is included in the 2.5.13.1 release. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
| CVE-2023-42299 | 1 Openimageio | 1 Openimageio | 2024-11-21 | 9.8 Critical |
| Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function. | ||||
| CVE-2023-42295 | 1 Openimageio | 1 Openimageio | 2024-11-21 | 8.8 High |
| An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c | ||||
| CVE-2023-3430 | 2 Openimageio, Redhat | 2 Openimageio, Linux | 2024-11-21 | 7.5 High |
| A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service. | ||||
| CVE-2023-24473 | 1 Openimageio | 1 Openimageio | 2024-11-21 | 5.3 Medium |
| An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2023-22845 | 1 Openimageio | 1 Openimageio | 2024-11-21 | 7.5 High |
| An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. | ||||