
We found results for “”
CVE-2024-40630
Date: July 15, 2024
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation via a format-agnostic API with a feature set, scalability, and robustness needed for feature film production. In affected versions there is a bug in the heif input functionality of OpenImageIO. Specifically, in "HeifInput::seek_subimage()". In the worst case, this can lead to an information disclosure vulnerability, particularly for programs that directly use the "ImageInput" APIs. This bug has been addressed in commit "0a2dcb4c" which is included in the 2.5.13.1 release. Users are advised to upgrade. There are no known workarounds for this issue.
Language: C++
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Out-of-bounds Read
CWE-125CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |