[Bug 1216852] New: VUL-0: CVE-2023-42299: OpenImageIO: Buffer Overflow in OpenImageIO oiio
https://bugzilla.suse.com/show_bug.cgi?id=1216852 Bug ID: 1216852 Summary: VUL-0: CVE-2023-42299: OpenImageIO: Buffer Overflow in OpenImageIO oiio Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/384024/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: hpj@urpla.net Reporter: smash_bz@suse.de QA Contact: security-team@suse.de CC: gabriele.sonnu@suse.com Target Milestone: --- Found By: Security Response Team Blocker: --- Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42299 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1216852 https://bugzilla.suse.com/show_bug.cgi?id=1216852#c1 --- Comment #1 from Gabriele Sonnu <gabriele.sonnu@suse.com> --- Was fixed in v.2.4.13.0, so Factory is not affected. Tracking as affected: - openSUSE:Backports:SLE-15-SP4/OpenImageIO 2.2.17.0 - openSUSE:Backports:SLE-15-SP5/OpenImageIO 2.2.17.0 as they contain the affected code. Upstream fix: https://github.com/AcademySoftwareFoundation/OpenImageIO/pull/3841 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1216852 Maintenance Automation <maint-coord+maintenance-robot@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com