[Git][security-tracker-team/security-tracker][master] Add first batch of openimageio issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Dec 24 08:16:04 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
73d41e51 by Salvatore Bonaccorso at 2022-12-24T09:15:36+01:00
Add first batch of openimageio issues

Unfortunately more pending, with not yet clear upstream status and
reported by Cisco TALOS Project.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19535,11 +19535,15 @@ CVE-2022-41999 (A denial of service vulnerability exists in the DDS native tile
 CVE-2022-41991
 	RESERVED
 CVE-2022-41988 (An information disclosure vulnerability exists in the OpenImageIO::dec ...)
-	TODO: check
+	- openimageio <unfixed>
+	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1643
+	NOTE: https://github.com/OpenImageIO/oiio/commit/e9103925bb2aeed36b01b3805f36959f5d1a2e18#diff-8496b368a265f99b41e3c06bf99a5ea82d4f40fff1919ee79caa26ae033b3a06R118
 CVE-2022-41838 (A code execution vulnerability exists in the DDS scanline parsing func ...)
-	TODO: check
+	- openimageio <unfixed>
+	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1634
 CVE-2022-41837 (An out-of-bounds write vulnerability exists in the OpenImageIO::add_ex ...)
-	TODO: check
+	- openimageio <unfixed>
+	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1636
 CVE-2022-41632
 	RESERVED
 CVE-2022-41630



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73d41e517cba044b065ddb38f72ed927e5788cbc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73d41e517cba044b065ddb38f72ed927e5788cbc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221224/56ee2888/attachment.htm>

More information about the debian-security-tracker-commits mailing list