VYPR

rpm package

opensuse/OpenImageIO&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/OpenImageIO&distro=openSUSE%20Tumbleweed

Vulnerabilities (24)

  • CVE-2026-7582MedMay 1, 2026
    affected < 3.1.13.1-2.1fixed 3.1.13.1-2.1

    A vulnerability was detected in AcademySoftwareFoundation OpenImageIO up to 3.2.0.1-dev. This vulnerability affects unknown code of the file src/dds.imageio/ddsinput.cpp of the component DDS Image Handler. The manipulation results in out-of-bounds write. The attack needs to be ap

  • CVE-2024-55194Jan 23, 2025
    affected < 3.1.14.0-1.1fixed 3.1.14.0-1.1

    OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h.

  • CVE-2024-40630MedJul 15, 2024
    affected < 2.5.13.1-1.1fixed 2.5.13.1-1.1

    OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation via a format-agnostic API with a feature set, scalability, and robustness needed for feature film production. In affected versions there is a bug in th

  • CVE-2023-24473Mar 30, 2023
    affected < 2.4.8.1-1.1fixed 2.4.8.1-1.1

    An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this v

  • CVE-2023-22845Mar 30, 2023
    affected < 2.4.8.1-1.1fixed 2.4.8.1-1.1

    An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2023-24472Mar 30, 2023
    affected < 2.4.8.1-1.1fixed 2.4.8.1-1.1

    A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability.

  • CVE-2022-4198Jan 2, 2023
    affected < 2.4.5.0-1.1fixed 2.4.5.0-1.1

    The WP Social Sharing WordPress plugin through 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisi

  • CVE-2022-43603Dec 23, 2022
    affected < 2.4.6.0-1.1fixed 2.4.6.0-1.1

    A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2022-43599Dec 23, 2022
    affected < 2.4.6.0-1.1fixed 2.4.6.0-1.1

    Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.T

  • CVE-2022-43597Dec 23, 2022
    affected < 2.4.6.0-1.1fixed 2.4.6.0-1.1

    Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vul

  • CVE-2022-43596Dec 23, 2022
    affected < 2.4.6.0-1.1fixed 2.4.6.0-1.1

    An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerabili

  • CVE-2022-43595Dec 23, 2022
    affected < 2.4.6.0-1.1fixed 2.4.6.0-1.1

    Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigg

  • CVE-2022-43594Dec 23, 2022
    affected < 2.4.6.0-1.1fixed 2.4.6.0-1.1

    Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigg

  • CVE-2022-43593Dec 23, 2022
    affected < 2.4.6.0-1.1fixed 2.4.6.0-1.1

    A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to null pointer dereference. An attacker can provide malicious input to trigger this vulnerability.

  • CVE-2022-43592Dec 23, 2022
    affected < 2.4.6.0-1.1fixed 2.4.6.0-1.1

    An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.

  • CVE-2022-41999Dec 23, 2022
    affected < 2.4.5.0-1.1fixed 2.4.5.0-1.1

    A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2022-41988Dec 23, 2022
    affected < 2.4.5.0-1.1fixed 2.4.5.0-1.1

    An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger th

  • CVE-2022-41977Dec 23, 2022
    affected < 2.4.5.0-1.1fixed 2.4.5.0-1.1

    An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A specially-crafted TIFF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2022-41838Dec 23, 2022
    affected < 2.4.5.0-1.1fixed 2.4.5.0-1.1

    A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2022-41794Dec 23, 2022
    affected < 2.4.5.0-1.1fixed 2.4.5.0-1.1

    A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Page 1 of 2