
Fedora 37: 2023-99870af9f0 Moderate: OpenImageIO Heap Buffer Overflow

fedora
August 11, 2023
Fedora 37 enhances OpenImageIO with crucial updates, addressing vulnerabilities and boosting performance for efficient image processing and manipulation tasks

Summary

OpenImageIO is a library for reading and writing images, and a bunch of related classes, utilities, and applications. Main features include:

- Extremely simple but powerful ImageInput and ImageOutput APIs for reading and writing 2D images that is format agnostic.
- Format plugins for TIFF, JPEG/JFIF, OpenEXR, PNG, HDR/RGBE, Targa, JPEG-2000, DPX, Cineon, FITS, BMP, ICO, RMan Zfile, Softimage PIC, DDS, SGI, PNM/PPM/PGM/PBM.
- An ImageCache class that transparently manages a cache so that it can access truly vast amounts of image data.

Update Information:

Changes since 2.4.12:

- https://github.com/AcademySoftwareFoundation/OpenImageIO/releases/tag/v2.4.13.0
- https://github.com/AcademySoftwareFoundation/OpenImageIO/releases/tag/v2.4.14.0

Security fix for CVE-2023-36183, CVE-2023-3430

Change Log

* Tue Aug 1 2023 Richard Shaw - 2.4.14.0-1
- Update to 2.4.14.0.
* Tue Aug 1 2023 Richard Shaw - 2.4.13.0-1
- Update to 2.4.13.0.
* Wed Jul 19 2023 Fedora Release Engineering - 2.4.12.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Mon Jul 3 2023 Python Maint - 2.4.12.0-3
- Rebuilt for Python 3.12
* Wed Jun 28 2023 Vitaly Zaitsev - 2.4.12.0-2
- Rebuilt due to fmt 10 update.

References


[ 1 ] Bug #2218382 - CVE-2023-3430 OpenImageIO: heap-buffer-overflow in file src/gif.imageio/gifinput.cpp [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2218382
[ 2 ] Bug #2219200 - OpenImageIO-2.4.13.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2219200
[ 3 ] Bug #2219517 - CVE-2023-36183 OpenImageIO: heap-buffer-overflow in ICOInput::readimg() in icoinput.cpp [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2219517

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-99870af9f0' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Name: OpenImageIO
Product: Fedora 37
Version: 2.4.14.0
Release: 1.fc37
Summary: Library for reading and writing images
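
A post-update check for the build listed above, as an added example that is not part of the advisory or of Fedora's tooling: it reads a package inventory and lists Fedora 37 hosts whose OpenImageIO is older than 2.4.14.0-1.fc37. The "host name version-release" line format, the function names and the sample inventory are assumptions made for this example, and GNU `sort -V` stands in for RPM's own version comparison.

```shell
#!/bin/sh
# Added example: find Fedora 37 hosts still below the build from this advisory.
# Per-host input could come from:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' OpenImageIO
# with the host name prefixed by whatever collects the inventory (assumed).

FIXED_VR="2.4.14.0-1.fc37"   # Version-Release taken from the advisory

# Returns 0 when version-release $1 is at or above FIXED_VR.
# Assumption: `sort -V` ordering matches RPM ordering for these strings
# (no epochs, tildes or carets are involved).
is_fixed() {
    _lowest=$(printf '%s\n%s\n' "$1" "$FIXED_VR" | sort -V | head -n 1)
    [ "$_lowest" = "$FIXED_VR" ]
}

# Reads "host name version-release" lines on stdin and prints
# "host version-release" for every fc37 OpenImageIO older than FIXED_VR.
hosts_needing_update() {
    while read -r _host _name _vr; do
        [ "$_name" = "OpenImageIO" ] || continue
        case "$_vr" in
            *.fc37) ;;          # this advisory only covers Fedora 37 builds
            *) continue ;;
        esac
        is_fixed "$_vr" || printf '%s %s\n' "$_host" "$_vr"
    done
}

# Constructed sample inventory (hosts and the non-OpenImageIO package are made up).
sample_inventory() {
    cat <<'EOF'
web01 OpenImageIO 2.4.12.0-4.fc37
web02 OpenImageIO 2.4.14.0-1.fc37
render01 OpenImageIO 2.4.13.0-1.fc37
render02 example-pkg 1.0-1.fc37
build01 OpenImageIO 2.4.12.0-4.fc38
EOF
}

sample_inventory | hosts_needing_update
```

Hosts printed by the check are the ones to run the `dnf upgrade --advisory` command on; other Fedora releases are covered by their own advisories and are skipped here.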
