Bug#1027143: openimageio: CVE-2022-43592 CVE-2022-43593 CVE-2022-43594 CVE-2022-43595 CVE-2022-43596 CVE-2022-43597 CVE-2022-43598 CVE-2022-43599 CVE-2022-43600 CVE-2022-43601 CVE-2022-43602 CVE-2022-41639 CVE-2022-41649 CVE-2022-41684 CVE-2022-41794 CVE-2022-41837 CVE-2022-41838 CVE-2022-41977 CVE-2022-41981 CVE-2022-41988
Moritz Mühlenhoff
jmm at inutil.org
Wed Dec 28 16:31:34 GMT 2022
Source: openimageio
X-Debbugs-CC: team at security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for openimageio.
CVE-2022-43592[0]:
| An information disclosure vulnerability exists in the
| DPXOutput::close() functionality of OpenImageIO Project OpenImageIO
| v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked
| heap data. An attacker can provide malicious input to trigger this
| vulnerability.
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1651
CVE-2022-43593[1]:
| A denial of service vulnerability exists in the DPXOutput::close()
| functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially
| crafted ImageOutput Object can lead to null pointer dereference. An
| attacker can provide malicious input to trigger this vulnerability.
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1652
CVE-2022-43594[2]:
| Multiple denial of service vulnerabilities exist in the image output
| closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2.
| Specially crafted ImageOutput Objects can lead to multiple null
| pointer dereferences. An attacker can provide malicious multiple
| inputs to trigger these vulnerabilities.This vulnerability applies to
| writing .bmp files.
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653
CVE-2022-43595[3]:
| Multiple denial of service vulnerabilities exist in the image output
| closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2.
| Specially crafted ImageOutput Objects can lead to multiple null
| pointer dereferences. An attacker can provide malicious multiple
| inputs to trigger these vulnerabilities.This vulnerability applies to
| writing .fits files.
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653
CVE-2022-43596[4]:
| An information disclosure vulnerability exists in the IFFOutput
| channel interleaving functionality of OpenImageIO Project OpenImageIO
| v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked
| heap data. An attacker can provide malicious input to trigger this
| vulnerability.
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1654
CVE-2022-43597[5]:
| Multiple memory corruption vulnerabilities exist in the IFFOutput
| alignment padding functionality of OpenImageIO Project OpenImageIO
| v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary
| code execution. An attacker can provide malicious input to trigger
| these vulnerabilities.This vulnerability arises when the
| `m_spec.format` is `TypeDesc::UINT8`.
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655
CVE-2022-43598[6]:
| Multiple memory corruption vulnerabilities exist in the IFFOutput
| alignment padding functionality of OpenImageIO Project OpenImageIO
| v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary
| code execution. An attacker can provide malicious input to trigger
| these vulnerabilities.This vulnerability arises when the
| `m_spec.format` is `TypeDesc::UINT16`.
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655
CVE-2022-43599[7]:
| Multiple code execution vulnerabilities exist in the
| IFFOutput::close() functionality of OpenImageIO Project OpenImageIO
| v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap
| buffer overflow. An attacker can provide malicious input to trigger
| these vulnerabilities.This vulnerability arises when the `xmax`
| variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8`
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
CVE-2022-43600[8]:
| Multiple code execution vulnerabilities exist in the
| IFFOutput::close() functionality of OpenImageIO Project OpenImageIO
| v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap
| buffer overflow. An attacker can provide malicious input to trigger
| these vulnerabilities.This vulnerability arises when the `xmax`
| variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT16`
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
CVE-2022-43601[9]:
| Multiple code execution vulnerabilities exist in the
| IFFOutput::close() functionality of OpenImageIO Project OpenImageIO
| v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap
| buffer overflow. An attacker can provide malicious input to trigger
| these vulnerabilities.This vulnerability arises when the `ymax`
| variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT16`
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
CVE-2022-43602[10]:
| Multiple code execution vulnerabilities exist in the
| IFFOutput::close() functionality of OpenImageIO Project OpenImageIO
| v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap
| buffer overflow. An attacker can provide malicious input to trigger
| these vulnerabilities.This vulnerability arises when the `ymax`
| variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8`
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
CVE-2022-41639[11]:
| A heap based buffer overflow vulnerability exists in tile decoding
| code of TIFF image parser in OpenImageIO master-branch-9aeece7a and
| v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds
| memory corruption, which can result in arbitrary code execution. An
| attacker can provide a malicious file to trigger this vulnerability.
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1633
CVE-2022-41649[12]:
| A heap out of bounds read vulnerability exists in the handling of IPTC
| data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-
| crafted TIFF file can cause a read of adjacent heap memory, which can
| leak sensitive process information. An attacker can provide a
| malicious file to trigger this vulnerability.
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1631
CVE-2022-41684[13]:
| A heap out of bounds read vulnerability exists in the OpenImageIO
| master-branch-9aeece7a when parsing the image file directory part of a
| PSD image file. A specially-crafted .psd file can cause a read of
| arbitrary memory address which can lead to denial of service. An
| attacker can provide a malicious file to trigger this vulnerability.
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1632
CVE-2022-41794[14]:
| A heap based buffer overflow vulnerability exists in the PSD thumbnail
| resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD
| file can lead to arbitrary code execution. An attacker can provide a
| malicious file to trigger this vulnerability.
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1626
CVE-2022-41837[15]:
| An out-of-bounds write vulnerability exists in the
| OpenImageIO::add_exif_item_to_spec functionality of OpenImageIO
| Project OpenImageIO v2.4.4.2. Specially-crafted exif metadata can lead
| to stack-based memory corruption. An attacker can provide a malicious
| file to trigger this vulnerability.
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1636
CVE-2022-41838[16]:
| A code execution vulnerability exists in the DDS scanline parsing
| functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A
| specially-crafted .dds can lead to a heap buffer overflow. An attacker
| can provide a malicious file to trigger this vulnerability.
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1634
CVE-2022-41977[17]:
| An out of bounds read vulnerability exists in the way OpenImageIO
| version v2.3.19.0 processes string fields in TIFF image files. A
| specially-crafted TIFF file can lead to information disclosure. An
| attacker can provide a malicious file to trigger this vulnerability.
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1627
CVE-2022-41981[18]:
| A stack-based buffer overflow vulnerability exists in the TGA file
| format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file
| can lead to out of bounds read and write on the process stack, which
| can lead to arbitrary code execution. An attacker can provide a
| malicious file to trigger this vulnerability.
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1628
CVE-2022-41988[19]:
| An information disclosure vulnerability exists in the
| OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project
| OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a
| disclosure of sensitive information. An attacker can provide a
| malicious file to trigger this vulnerability.
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1643
https://github.com/OpenImageIO/oiio/commit/e9103925bb2aeed36b01b3805f36959f5d1a2e18#diff-8496b368a265f99b41e3c06bf99a5ea82d4f40fff1919ee79caa26ae033b3a06R118
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-43592
https://www.cve.org/CVERecord?id=CVE-2022-43592
[1] https://security-tracker.debian.org/tracker/CVE-2022-43593
https://www.cve.org/CVERecord?id=CVE-2022-43593
[2] https://security-tracker.debian.org/tracker/CVE-2022-43594
https://www.cve.org/CVERecord?id=CVE-2022-43594
[3] https://security-tracker.debian.org/tracker/CVE-2022-43595
https://www.cve.org/CVERecord?id=CVE-2022-43595
[4] https://security-tracker.debian.org/tracker/CVE-2022-43596
https://www.cve.org/CVERecord?id=CVE-2022-43596
[5] https://security-tracker.debian.org/tracker/CVE-2022-43597
https://www.cve.org/CVERecord?id=CVE-2022-43597
[6] https://security-tracker.debian.org/tracker/CVE-2022-43598
https://www.cve.org/CVERecord?id=CVE-2022-43598
[7] https://security-tracker.debian.org/tracker/CVE-2022-43599
https://www.cve.org/CVERecord?id=CVE-2022-43599
[8] https://security-tracker.debian.org/tracker/CVE-2022-43600
https://www.cve.org/CVERecord?id=CVE-2022-43600
[9] https://security-tracker.debian.org/tracker/CVE-2022-43601
https://www.cve.org/CVERecord?id=CVE-2022-43601
[10] https://security-tracker.debian.org/tracker/CVE-2022-43602
https://www.cve.org/CVERecord?id=CVE-2022-43602
[11] https://security-tracker.debian.org/tracker/CVE-2022-41639
https://www.cve.org/CVERecord?id=CVE-2022-41639
[12] https://security-tracker.debian.org/tracker/CVE-2022-41649
https://www.cve.org/CVERecord?id=CVE-2022-41649
[13] https://security-tracker.debian.org/tracker/CVE-2022-41684
https://www.cve.org/CVERecord?id=CVE-2022-41684
[14] https://security-tracker.debian.org/tracker/CVE-2022-41794
https://www.cve.org/CVERecord?id=CVE-2022-41794
[15] https://security-tracker.debian.org/tracker/CVE-2022-41837
https://www.cve.org/CVERecord?id=CVE-2022-41837
[16] https://security-tracker.debian.org/tracker/CVE-2022-41838
https://www.cve.org/CVERecord?id=CVE-2022-41838
[17] https://security-tracker.debian.org/tracker/CVE-2022-41977
https://www.cve.org/CVERecord?id=CVE-2022-41977
[18] https://security-tracker.debian.org/tracker/CVE-2022-41981
https://www.cve.org/CVERecord?id=CVE-2022-41981
[19] https://security-tracker.debian.org/tracker/CVE-2022-41988
https://www.cve.org/CVERecord?id=CVE-2022-41988
Please adjust the affected versions in the BTS as needed.
More information about the Pkg-phototools-devel
mailing list