SB2023041115 - Multiple vulnerabilities in OpenImageIO oiio
Published: April 11, 2023
Description
This security bulletin contains information about 12 security vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2022-43603)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the ZfileOutput::close() functionality. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
2) Heap-based buffer overflow (CVE-ID: CVE-2022-43602)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the IFFOutput::close() functionality. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) Heap-based buffer overflow (CVE-ID: CVE-2022-43600)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the IFFOutput::close() functionality. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
4) Heap-based buffer overflow (CVE-ID: CVE-2022-43599)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the IFFOutput::close() functionality. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
5) Heap-based buffer overflow (CVE-ID: CVE-2022-43601)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the IFFOutput::close() functionality. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
6) Heap-based buffer overflow (CVE-ID: CVE-2022-43597)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the IFFOutput alignment padding functionality. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note: this vulnerability arises when "m_spec.format" is "TypeDesc::UINT8".
7) Heap-based buffer overflow (CVE-ID: CVE-2022-43598)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the IFFOutput alignment padding functionality. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note: this vulnerability arises when "m_spec.format" is "TypeDesc::UINT16".
8) Out-of-bounds read (CVE-ID: CVE-2022-43596)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the IFFOutput channel interleaving functionality. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
9) NULL pointer dereference (CVE-ID: CVE-2022-43593)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the DPXOutput::close() functionality. A remote attacker can perform a denial of service (DoS) attack.
10) Memory leak (CVE-ID: CVE-2022-43592)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a memory leak in the DPXOutput::close() functionality. A remote attacker can force the application to leak memory and gain access to sensitive information.
11) NULL pointer dereference (CVE-ID: CVE-2022-43594)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the image output closing functionality that applies to writing .bmp files. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service (DoS) attack.
12) NULL pointer dereference (CVE-ID: CVE-2022-43595)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the image output closing functionality that applies to writing .fits files. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1657
- https://github.com/OpenImageIO/oiio/releases/tag/v2.4.6.0
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1654
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1652
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1651
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653