Source: openimageio
Version: 2.4.7.1+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: fixed -1 2.4.9.0+dfsg-1

Hi,

The following vulnerabilities were published for openimageio.

CVE-2023-24473[0]:
| An information disclosure vulnerability exists in the
| TGAInput::read_tga2_header functionality of OpenImageIO Project
| OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a
| disclosure of sensitive information. An attacker can provide a
| malicious file to trigger this vulnerability.

CVE-2023-22845[1]:
| An out-of-bounds read vulnerability exists in the
| TGAInput::decode_pixel() functionality of OpenImageIO Project
| OpenImageIO v2.4.7.1. A specially crafted targa file can lead to
| information disclosure. An attacker can provide a malicious file to
| trigger this vulnerability.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-24473
    https://www.cve.org/CVERecord?id=CVE-2023-24473
[1] https://security-tracker.debian.org/tracker/CVE-2023-22845
    https://www.cve.org/CVERecord?id=CVE-2023-22845

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore