Source: openimageio X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security
Hi, The following vulnerabilities were published for openimageio. CVE-2022-43592[0]: | An information disclosure vulnerability exists in the | DPXOutput::close() functionality of OpenImageIO Project OpenImageIO | v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked | heap data. An attacker can provide malicious input to trigger this | vulnerability. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1651 CVE-2022-43593[1]: | A denial of service vulnerability exists in the DPXOutput::close() | functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially | crafted ImageOutput Object can lead to null pointer dereference. An | attacker can provide malicious input to trigger this vulnerability. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1652 CVE-2022-43594[2]: | Multiple denial of service vulnerabilities exist in the image output | closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. | Specially crafted ImageOutput Objects can lead to multiple null | pointer dereferences. An attacker can provide malicious multiple | inputs to trigger these vulnerabilities.This vulnerability applies to | writing .bmp files. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653 CVE-2022-43595[3]: | Multiple denial of service vulnerabilities exist in the image output | closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. | Specially crafted ImageOutput Objects can lead to multiple null | pointer dereferences. An attacker can provide malicious multiple | inputs to trigger these vulnerabilities.This vulnerability applies to | writing .fits files. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653 CVE-2022-43596[4]: | An information disclosure vulnerability exists in the IFFOutput | channel interleaving functionality of OpenImageIO Project OpenImageIO | v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked | heap data. An attacker can provide malicious input to trigger this | vulnerability. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1654 CVE-2022-43597[5]: | Multiple memory corruption vulnerabilities exist in the IFFOutput | alignment padding functionality of OpenImageIO Project OpenImageIO | v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary | code execution. An attacker can provide malicious input to trigger | these vulnerabilities.This vulnerability arises when the | `m_spec.format` is `TypeDesc::UINT8`. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655 CVE-2022-43598[6]: | Multiple memory corruption vulnerabilities exist in the IFFOutput | alignment padding functionality of OpenImageIO Project OpenImageIO | v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary | code execution. An attacker can provide malicious input to trigger | these vulnerabilities.This vulnerability arises when the | `m_spec.format` is `TypeDesc::UINT16`. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655 CVE-2022-43599[7]: | Multiple code execution vulnerabilities exist in the | IFFOutput::close() functionality of OpenImageIO Project OpenImageIO | v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap | buffer overflow. An attacker can provide malicious input to trigger | these vulnerabilities.This vulnerability arises when the `xmax` | variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8` https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656 CVE-2022-43600[8]: | Multiple code execution vulnerabilities exist in the | IFFOutput::close() functionality of OpenImageIO Project OpenImageIO | v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap | buffer overflow. An attacker can provide malicious input to trigger | these vulnerabilities.This vulnerability arises when the `xmax` | variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT16` https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656 CVE-2022-43601[9]: | Multiple code execution vulnerabilities exist in the | IFFOutput::close() functionality of OpenImageIO Project OpenImageIO | v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap | buffer overflow. An attacker can provide malicious input to trigger | these vulnerabilities.This vulnerability arises when the `ymax` | variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT16` https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656 CVE-2022-43602[10]: | Multiple code execution vulnerabilities exist in the | IFFOutput::close() functionality of OpenImageIO Project OpenImageIO | v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap | buffer overflow. An attacker can provide malicious input to trigger | these vulnerabilities.This vulnerability arises when the `ymax` | variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8` https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656 CVE-2022-41639[11]: | A heap based buffer overflow vulnerability exists in tile decoding | code of TIFF image parser in OpenImageIO master-branch-9aeece7a and | v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds | memory corruption, which can result in arbitrary code execution. An | attacker can provide a malicious file to trigger this vulnerability. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1633 CVE-2022-41649[12]: | A heap out of bounds read vulnerability exists in the handling of IPTC | data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially- | crafted TIFF file can cause a read of adjacent heap memory, which can | leak sensitive process information. An attacker can provide a | malicious file to trigger this vulnerability. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1631 CVE-2022-41684[13]: | A heap out of bounds read vulnerability exists in the OpenImageIO | master-branch-9aeece7a when parsing the image file directory part of a | PSD image file. A specially-crafted .psd file can cause a read of | arbitrary memory address which can lead to denial of service. An | attacker can provide a malicious file to trigger this vulnerability. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1632 CVE-2022-41794[14]: | A heap based buffer overflow vulnerability exists in the PSD thumbnail | resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD | file can lead to arbitrary code execution. An attacker can provide a | malicious file to trigger this vulnerability. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1626 CVE-2022-41837[15]: | An out-of-bounds write vulnerability exists in the | OpenImageIO::add_exif_item_to_spec functionality of OpenImageIO | Project OpenImageIO v2.4.4.2. Specially-crafted exif metadata can lead | to stack-based memory corruption. An attacker can provide a malicious | file to trigger this vulnerability. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1636 CVE-2022-41838[16]: | A code execution vulnerability exists in the DDS scanline parsing | functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A | specially-crafted .dds can lead to a heap buffer overflow. An attacker | can provide a malicious file to trigger this vulnerability. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1634 CVE-2022-41977[17]: | An out of bounds read vulnerability exists in the way OpenImageIO | version v2.3.19.0 processes string fields in TIFF image files. A | specially-crafted TIFF file can lead to information disclosure. An | attacker can provide a malicious file to trigger this vulnerability. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1627 CVE-2022-41981[18]: | A stack-based buffer overflow vulnerability exists in the TGA file | format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file | can lead to out of bounds read and write on the process stack, which | can lead to arbitrary code execution. An attacker can provide a | malicious file to trigger this vulnerability. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1628 CVE-2022-41988[19]: | An information disclosure vulnerability exists in the | OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project | OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a | disclosure of sensitive information. An attacker can provide a | malicious file to trigger this vulnerability. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1643 https://github.com/OpenImageIO/oiio/commit/e9103925bb2aeed36b01b3805f36959f5d1a2e18#diff-8496b368a265f99b41e3c06bf99a5ea82d4f40fff1919ee79caa26ae033b3a06R118 If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-43592 https://www.cve.org/CVERecord?id=CVE-2022-43592 [1] https://security-tracker.debian.org/tracker/CVE-2022-43593 https://www.cve.org/CVERecord?id=CVE-2022-43593 [2] https://security-tracker.debian.org/tracker/CVE-2022-43594 https://www.cve.org/CVERecord?id=CVE-2022-43594 [3] https://security-tracker.debian.org/tracker/CVE-2022-43595 https://www.cve.org/CVERecord?id=CVE-2022-43595 [4] https://security-tracker.debian.org/tracker/CVE-2022-43596 https://www.cve.org/CVERecord?id=CVE-2022-43596 [5] https://security-tracker.debian.org/tracker/CVE-2022-43597 https://www.cve.org/CVERecord?id=CVE-2022-43597 [6] https://security-tracker.debian.org/tracker/CVE-2022-43598 https://www.cve.org/CVERecord?id=CVE-2022-43598 [7] https://security-tracker.debian.org/tracker/CVE-2022-43599 https://www.cve.org/CVERecord?id=CVE-2022-43599 [8] https://security-tracker.debian.org/tracker/CVE-2022-43600 https://www.cve.org/CVERecord?id=CVE-2022-43600 [9] https://security-tracker.debian.org/tracker/CVE-2022-43601 https://www.cve.org/CVERecord?id=CVE-2022-43601 [10] https://security-tracker.debian.org/tracker/CVE-2022-43602 https://www.cve.org/CVERecord?id=CVE-2022-43602 [11] https://security-tracker.debian.org/tracker/CVE-2022-41639 https://www.cve.org/CVERecord?id=CVE-2022-41639 [12] https://security-tracker.debian.org/tracker/CVE-2022-41649 https://www.cve.org/CVERecord?id=CVE-2022-41649 [13] https://security-tracker.debian.org/tracker/CVE-2022-41684 https://www.cve.org/CVERecord?id=CVE-2022-41684 [14] https://security-tracker.debian.org/tracker/CVE-2022-41794 https://www.cve.org/CVERecord?id=CVE-2022-41794 [15] https://security-tracker.debian.org/tracker/CVE-2022-41837 https://www.cve.org/CVERecord?id=CVE-2022-41837 [16] https://security-tracker.debian.org/tracker/CVE-2022-41838 https://www.cve.org/CVERecord?id=CVE-2022-41838 [17] https://security-tracker.debian.org/tracker/CVE-2022-41977 https://www.cve.org/CVERecord?id=CVE-2022-41977 [18] https://security-tracker.debian.org/tracker/CVE-2022-41981 https://www.cve.org/CVERecord?id=CVE-2022-41981 [19] https://security-tracker.debian.org/tracker/CVE-2022-41988 https://www.cve.org/CVERecord?id=CVE-2022-41988 Please adjust the affected versions in the BTS as needed.
