There are 7 open security issues in bullseye.
7 issues left for the package maintainer to handle:
- CVE-2023-3430:
(needs triaging)
A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service.
- CVE-2023-22845:
(needs triaging)
An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
- CVE-2023-24472:
(needs triaging)
A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability.
- CVE-2023-24473:
(needs triaging)
An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.
- CVE-2023-36183:
(needs triaging)
Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function.
- CVE-2023-42295:
(needs triaging)
An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c
- CVE-2023-42299:
(needs triaging)
Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function.
You can find information about how to handle these issues in the security team's documentation.