{"id":"MGASA-2023-0151","summary":"Updated openimageio packages fix security vulnerability","details":"A heap out-of-bounds read vulnerability exists in the RLA format parser of\nOpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in\nthe way run-length encoded byte spans are handled. A malformed RLA file\ncan lead to an out-of-bounds read of heap metadata which can result in\nsensitive information leak. (CVE-2022-36354)\n\nA heap out-of-bounds write vulnerability exists in the way OpenImageIO\nv2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file\ncan write to arbitrary out of bounds memory, which can lead to arbitrary\ncode execution. (CVE-2022-38143)\n\nA heap based buffer overflow vulnerability exists in tile decoding code of\nTIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A\nspecially-crafted TIFF file can lead to an out of bounds memory\ncorruption, which can result in arbitrary code execution.\n(CVE-2022-41639)\n\nA heap out of bounds read vulnerability exists in the OpenImageIO\nmaster-branch-9aeece7a when parsing the image file directory part of a PSD\nimage file. A specially-crafted .psd file can cause a read of arbitrary\nmemory address which can lead to denial of service. (CVE-2022-41684)\n\nA heap based buffer overflow vulnerability exists in the PSD thumbnail\nresource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD\nfile can lead to arbitrary code execution. (CVE-2022-41794)\n\nA code execution vulnerability exists in the DDS scanline parsing\nfunctionality of OpenImageIO Project OpenImageIO v2.4.4.2. A\nspecially-crafted .dds can lead to a heap buffer overflow.\n(CVE-2022-41838)\n\nAn out of bounds read vulnerability exists in the way OpenImageIO version\nv2.3.19.0 processes string fields in TIFF image files. A specially-crafted\nTIFF file can lead to information disclosure. (CVE-2022-41977)\n\nA stack-based buffer overflow vulnerability exists in the TGA file format\nparser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead\nto out of bounds read and write on the process stack, which can lead to\narbitrary code execution. (CVE-2022-41981)\n\nAn information disclosure vulnerability exists in the\nOpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project\nOpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a\ndisclosure of sensitive information. (CVE-2022-41988)\n\nA denial of service vulnerability exists in the DDS native tile reading\nfunctionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A\nspecially-crafted .dds can lead to denial of service. (CVE-2022-41999)\n\nAn information disclosure vulnerability exists in the DPXOutput::close()\nfunctionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially\ncrafted ImageOutput Object can lead to leaked heap data. (CVE-2022-43592)\n\nA denial of service vulnerability exists in the DPXOutput::close()\nfunctionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially\ncrafted ImageOutput Object can lead to null pointer dereference.\n(CVE-2022-43593)\n\nMultiple denial of service vulnerabilities exist in the image output\nclosing functionality of OpenImageIO Project OpenImageIO v2.4.4.2.\nSpecially crafted ImageOutput Objects can lead to multiple null pointer\ndereferences. This vulnerability applies to writing .bmp files.\n(CVE-2022-43594)\n\nMultiple denial of service vulnerabilities exist in the image output\nclosing functionality of OpenImageIO Project OpenImageIO v2.4.4.2.\nSpecially crafted ImageOutput Objects can lead to multiple null pointer\ndereferences. This vulnerability applies to writing .fits files.\n(CVE-2022-43595)\n\nAn information disclosure vulnerability exists in the IFFOutput channel\ninterleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A\nspecially crafted ImageOutput Object can lead to leaked heap data.\n(CVE-2022-43596)\n\nMultiple memory corruption vulnerabilities exist in the IFFOutput\nalignment padding functionality of OpenImageIO Project OpenImageIO\nv2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary\ncode execution. This vulnerability arises when the 'm_spec.format' is\n'TypeDesc::UINT8'. (CVE-2022-43597)\n\nMultiple memory corruption vulnerabilities exist in the IFFOutput\nalignment padding functionality of OpenImageIO Project OpenImageIO\nv2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary\ncode execution. This vulnerability arises when the 'm_spec.format' is\n'TypeDesc::UINT16'. (CVE-2022-43598)\n\nMultiple code execution vulnerabilities exist in the IFFOutput::close()\nfunctionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially\ncrafted ImageOutput Object can lead to a heap buffer overflow. This\nvulnerability arises when the 'xmax' variable is set to 0xFFFF and\n'm_spec.format' is 'TypeDesc::UINT8'. (CVE-2022-43599)\n\nMultiple code execution vulnerabilities exist in the IFFOutput::close()\nfunctionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially\ncrafted ImageOutput Object can lead to a heap buffer overflow. This\nvulnerability arises when the 'xmax' variable is set to 0xFFFF and\n'm_spec.format' is 'TypeDesc::UINT16'. (CVE-2022-43600)\n\nMultiple code execution vulnerabilities exist in the IFFOutput::close()\nfunctionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially\ncrafted ImageOutput Object can lead to a heap buffer overflow. This\nvulnerability arises when the 'ymax' variable is set to 0xFFFF and\n'm_spec.format' is 'TypeDesc::UINT16'. (CVE-2022-43601)\n\nMultiple code execution vulnerabilities exist in the IFFOutput::close()\nfunctionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially\ncrafted ImageOutput Object can lead to a heap buffer overflow. This\nvulnerability arises when the 'ymax' variable is set to 0xFFFF and\n'm_spec.format' is 'TypeDesc::UINT8'. (CVE-2022-43602)\n\nA denial of service vulnerability exists in the ZfileOutput::close()\nfunctionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially\ncrafted ImageOutput Object can lead to denial of service. (CVE-2022-43603)\n\nAn out-of-bounds read vulnerability exists in the TGAInput::decode_pixel()\nfunctionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially\ncrafted targa file can lead to information disclosure. (CVE-2023-22845)\n\nA denial of service vulnerability exists in the FitsOutput::close()\nfunctionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially\ncrafted ImageOutput Object can lead to denial of service. (CVE-2023-24472)\n\nAn information disclosure vulnerability exists in the\nTGAInput::read_tga2_header functionality of OpenImageIO Project\nOpenImageIO v2.4.7.1. A specially crafted targa file can lead to a\ndisclosure of sensitive information. (CVE-2023-24473)\n","modified":"2026-01-31T20:35:35.701442Z","published":"2023-04-24T00:20:26Z","related":["CVE-2022-36354","CVE-2022-38143","CVE-2022-41639","CVE-2022-41684","CVE-2022-41794","CVE-2022-41838","CVE-2022-41977","CVE-2022-41981","CVE-2022-41988","CVE-2022-41999","CVE-2022-43592","CVE-2022-43593","CVE-2022-43594","CVE-2022-43595","CVE-2022-43596","CVE-2022-43597","CVE-2022-43598","CVE-2022-43599","CVE-2022-43600","CVE-2022-43601","CVE-2022-43602","CVE-2022-43603","CVE-2023-22845","CVE-2023-24472","CVE-2023-24473"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0151.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=31364"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/T3LET4MEPBSBJZK4EMLEBY4FUXKU5BMN/"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MLUXEL7AB2S5ACSDCHG67GEZHUYZBR5O/"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LK6TY36VQ3FQXMZ2VXHZGQ43VDLD67GG/"},{"type":"REPORT","url":"https://www.debian.org/lts/security/2023/dla-3382"},{"type":"REPORT","url":"https://www.debian.org/security/2023/dsa-5384"}],"affected":[{"package":{"name":"openimageio","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/openimageio?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.10.0-1.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0151.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}