Описание
An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| openimageio | fixed | 2.4.9.0+dfsg-1 | experimental | package |
| openimageio | fixed | 2.4.13.0+dfsg-1 | package | |
| openimageio | no-dsa | bookworm | package | |
| openimageio | no-dsa | bullseye | package | |
| openimageio | no-dsa | buster | package |
Примечания
https://github.com/OpenImageIO/oiio/pull/3768
https://github.com/OpenImageIO/oiio/commit/759fcd392d130c12ae476857e1ed2a91bcf2686b (master)
https://github.com/OpenImageIO/oiio/commit/209bb4c327b2a8be08f41c1a213dfe9001f0b5d0 (v2.4.8.1)
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1708
EPSS
Связанные уязвимости
An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
EPSS