Test ID: 1.3.6.1.4.1.25623.1.1.10.2023.0151
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2023-0151)
Summary: The remote host is missing an update for the 'openimageio' package(s) announced via the MGASA-2023-0151 advisory.
Description:
Summary:
The remote host is missing an update for the 'openimageio' package(s) announced via the MGASA-2023-0151 advisory.

Vulnerability Insight:
A heap out-of-bounds read vulnerability exists in the RLA format parser of
OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in
the way run-length encoded byte spans are handled. A malformed RLA file
can lead to an out-of-bounds read of heap metadata which can result in
sensitive information leak. (CVE-2022-36354)

A heap out-of-bounds write vulnerability exists in the way OpenImageIO
v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file
can write to arbitrary out of bounds memory, which can lead to arbitrary
code execution. (CVE-2022-38143)

A heap based buffer overflow vulnerability exists in tile decoding code of
TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A
specially-crafted TIFF file can lead to an out of bounds memory
corruption, which can result in arbitrary code execution.
(CVE-2022-41639)

A heap out of bounds read vulnerability exists in the OpenImageIO
master-branch-9aeece7a when parsing the image file directory part of a PSD
image file. A specially-crafted .psd file can cause a read of arbitrary
memory address which can lead to denial of service. (CVE-2022-41684)

A heap based buffer overflow vulnerability exists in the PSD thumbnail
resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD
file can lead to arbitrary code execution. (CVE-2022-41794)

A code execution vulnerability exists in the DDS scanline parsing
functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A
specially-crafted .dds can lead to a heap buffer overflow.
(CVE-2022-41838)

An out of bounds read vulnerability exists in the way OpenImageIO version
v2.3.19.0 processes string fields in TIFF image files. A specially-crafted
TIFF file can lead to information disclosure. (CVE-2022-41977)

A stack-based buffer overflow vulnerability exists in the TGA file format
parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead
to out of bounds read and write on the process stack, which can lead to
arbitrary code execution. (CVE-2022-41981)

An information disclosure vulnerability exists in the
OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project
OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a
disclosure of sensitive information. (CVE-2022-41988)

A denial of service vulnerability exists in the DDS native tile reading
functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A
specially-crafted .dds can lead to denial of service. (CVE-2022-41999)

An information disclosure vulnerability exists in the DPXOutput::close()
functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially
crafted ImageOutput Object can lead to leaked heap data. (CVE-2022-43592)

A denial of service vulnerability exists in the DPXOutput::close()
functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially
crafted ImageOutput Object can lead to null pointer ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'openimageio' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2022-36354
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1629
Common Vulnerability Exposure (CVE) ID: CVE-2022-38143
https://security.gentoo.org/glsa/202305-33
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1630
Common Vulnerability Exposure (CVE) ID: CVE-2022-41639
Debian Security Information: DSA-5384
https://www.debian.org/security/2023/dsa-5384
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1633
Common Vulnerability Exposure (CVE) ID: CVE-2022-41684
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1632
https://lists.debian.org/debian-lts-announce/2023/08/msg00005.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-41794
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1626
Common Vulnerability Exposure (CVE) ID: CVE-2022-41838
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1634
Common Vulnerability Exposure (CVE) ID: CVE-2022-41977
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1627
Common Vulnerability Exposure (CVE) ID: CVE-2022-41981
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1628
Common Vulnerability Exposure (CVE) ID: CVE-2022-41988
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1643
Common Vulnerability Exposure (CVE) ID: CVE-2022-41999
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1635
Common Vulnerability Exposure (CVE) ID: CVE-2022-43592
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1651
Common Vulnerability Exposure (CVE) ID: CVE-2022-43593
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1652
Common Vulnerability Exposure (CVE) ID: CVE-2022-43594
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653
Common Vulnerability Exposure (CVE) ID: CVE-2022-43595
Common Vulnerability Exposure (CVE) ID: CVE-2022-43596
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1654
Common Vulnerability Exposure (CVE) ID: CVE-2022-43597
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655
Common Vulnerability Exposure (CVE) ID: CVE-2022-43598
Common Vulnerability Exposure (CVE) ID: CVE-2022-43599
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
Common Vulnerability Exposure (CVE) ID: CVE-2022-43600
Common Vulnerability Exposure (CVE) ID: CVE-2022-43601
Common Vulnerability Exposure (CVE) ID: CVE-2022-43602
Common Vulnerability Exposure (CVE) ID: CVE-2022-43603
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1657
Common Vulnerability Exposure (CVE) ID: CVE-2023-22845
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1708
Common Vulnerability Exposure (CVE) ID: CVE-2023-24472
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1709
Common Vulnerability Exposure (CVE) ID: CVE-2023-24473
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1707
Copyright: Copyright (C) 2023 Greenbone AG
