DescriptionMultiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v184.108.40.206. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8`
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having not set severity.No SUSE Bugzilla entries cross referenced. No SUSE Security Announcements cross referenced.
List of released packages
|Fixed package version(s)
openSUSE Tumbleweed GA OpenImageIO-220.127.116.11-1.1
SUSE Timeline for this CVECVE page created: Fri Dec 23 01:00:49 2022
CVE page last modified: Sat Dec 31 01:26:14 2022