CVE-2023-42295

Опубликовано: 23 окт. 2023

Источник: debian

EPSS Низкий

Описание

An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
openimageio	fixed	2.4.16.0+dfsg-1		package
openimageio	no-dsa		bookworm	package
openimageio	no-dsa		bullseye	package
openimageio	no-dsa		buster	package

Примечания

https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/3947
https://github.com/AcademySoftwareFoundation/OpenImageIO/pull/3948
Fixed by: https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/15750af31a5d130ea63ac133453eb5448cefa636 (v2.5.3.0-beta1)
Fixed by: https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/672ed4c445ebefd5581974c27e28ef717fb6c401 (v2.4.15.0)

EPSS

Процентиль: 80%

0.0146

Низкий

Связанные уязвимости

CVE-2023-42295

CVSS3: 8.8

ubuntu

больше 2 лет назад

An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c

CVE-2023-42295

CVSS3: 8.8

nvd

больше 2 лет назад

An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c

GHSA-834h-7mjv-2g94

CVSS3: 8.8

github

больше 2 лет назад

An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c

EPSS

Процентиль: 80%

0.0146

Низкий