CVE-2023-36183
Summary
| CVE | CVE-2023-36183 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2023-07-03 21:15:00 UTC |
|---|
| Updated | 2023-11-07 04:16:00 UTC |
|---|
| Description | Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| [SECURITY] Fedora 38 Update: OpenImageIO-2.4.14.0-1.fc38 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [SECURITY] Fedora 37 Update: OpenImageIO-2.4.14.0-1.fc37 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| [SECURITY] Fedora 37 Update: OpenImageIO-2.4.14.0-1.fc37 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [BUG] Heap-buffer-overflow in function ICOInput::readimg in file src/ico.imageio/icoinput.cpp · Issue #3871 · OpenImageIO/oiio · GitHub |
MISC |
github.com |
|
| [SECURITY] Fedora 38 Update: OpenImageIO-2.4.14.0-1.fc38 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| [SECURITY] [DLA 3518-1] openimageio security update |
MLIST |
lists.debian.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 284382 Fedora Security Update for OpenImageIO (FEDORA-2023-ad5fee9a64)
- 284383 Fedora Security Update for OpenImageIO (FEDORA-2023-99870af9f0)
- 503206 Alpine Linux Security Update for openimageio
- 6000166 Debian Security Update for openimageio (DLA 3518-1)
