rpm package
opensuse/OpenImageIO&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/OpenImageIO&distro=openSUSE%20Tumbleweed
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-7582 | Med | 5.3 | | < 3.1.13.1-2.1 | 3.1.13.1-2.1 | May 1, 2026 | A vulnerability was detected in AcademySoftwareFoundation OpenImageIO up to 3.2.0.1-dev. This vulnerability affects unknown code of the file src/dds.imageio/ddsinput.cpp of the component DDS Image Handler. The manipulation results in out-of-bounds write. The attack needs to be ap |
| CVE-2024-55194 | — | | | < 3.1.14.0-1.1 | 3.1.14.0-1.1 | Jan 23, 2025 | OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h. |
| CVE-2024-40630 | Med | 4.3 | | < 2.5.13.1-1.1 | 2.5.13.1-1.1 | Jul 15, 2024 | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation via a format-agnostic API with a feature set, scalability, and robustness needed for feature film production. In affected versions there is a bug in th |
| CVE-2023-24473 | — | | | < 2.4.8.1-1.1 | 2.4.8.1-1.1 | Mar 30, 2023 | An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this v |
| CVE-2023-22845 | — | | | < 2.4.8.1-1.1 | 2.4.8.1-1.1 | Mar 30, 2023 | An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. |
| CVE-2023-24472 | — | | | < 2.4.8.1-1.1 | 2.4.8.1-1.1 | Mar 30, 2023 | A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability. |
| CVE-2022-4198 | — | | | < 2.4.5.0-1.1 | 2.4.5.0-1.1 | Jan 2, 2023 | The WP Social Sharing WordPress plugin through 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisi |
| CVE-2022-43603 | — | | | < 2.4.6.0-1.1 | 2.4.6.0-1.1 | Dec 23, 2022 | A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability. |
| CVE-2022-43599 | — | | | < 2.4.6.0-1.1 | 2.4.6.0-1.1 | Dec 23, 2022 | Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.T |
| CVE-2022-43597 | — | | | < 2.4.6.0-1.1 | 2.4.6.0-1.1 | Dec 23, 2022 | Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vul |
| CVE-2022-43596 | — | | | < 2.4.6.0-1.1 | 2.4.6.0-1.1 | Dec 23, 2022 | An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerabili |
| CVE-2022-43595 | — | | | < 2.4.6.0-1.1 | 2.4.6.0-1.1 | Dec 23, 2022 | Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigg |
| CVE-2022-43594 | — | | | < 2.4.6.0-1.1 | 2.4.6.0-1.1 | Dec 23, 2022 | Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigg |
| CVE-2022-43593 | — | | | < 2.4.6.0-1.1 | 2.4.6.0-1.1 | Dec 23, 2022 | A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to null pointer dereference. An attacker can provide malicious input to trigger this vulnerability. |
| CVE-2022-43592 | — | | | < 2.4.6.0-1.1 | 2.4.6.0-1.1 | Dec 23, 2022 | An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability. |
| CVE-2022-41999 | — | | | < 2.4.5.0-1.1 | 2.4.5.0-1.1 | Dec 23, 2022 | A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability. |
| CVE-2022-41988 | — | | | < 2.4.5.0-1.1 | 2.4.5.0-1.1 | Dec 23, 2022 | An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger th |
| CVE-2022-41977 | — | | | < 2.4.5.0-1.1 | 2.4.5.0-1.1 | Dec 23, 2022 | An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A specially-crafted TIFF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. |
| CVE-2022-41838 | — | | | < 2.4.5.0-1.1 | 2.4.5.0-1.1 | Dec 23, 2022 | A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. |
| CVE-2022-41794 | — | | | < 2.4.5.0-1.1 | 2.4.5.0-1.1 | Dec 23, 2022 | A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. |
Page 1 of 2