MGASA-2023-0151 - Updated openimageio packages fix security vulnerability

Publication date: 24 Apr 2023
URL: https://advisories.mageia.org/MGASA-2023-0151.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-36354,
     CVE-2022-38143,
     CVE-2022-41639,
     CVE-2022-41684,
     CVE-2022-41794,
     CVE-2022-41838,
     CVE-2022-41977,
     CVE-2022-41981,
     CVE-2022-41988,
     CVE-2022-41999,
     CVE-2022-43592,
     CVE-2022-43593,
     CVE-2022-43594,
     CVE-2022-43595,
     CVE-2022-43596,
     CVE-2022-43597,
     CVE-2022-43598,
     CVE-2022-43599,
     CVE-2022-43600,
     CVE-2022-43601,
     CVE-2022-43602,
     CVE-2022-43603,
     CVE-2023-22845,
     CVE-2023-24472,
     CVE-2023-24473

A heap out-of-bounds read vulnerability exists in the RLA format parser of
OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in
the way run-length encoded byte spans are handled. A malformed RLA file
can lead to an out-of-bounds read of heap metadata which can result in
sensitive information leak. (CVE-2022-36354)

A heap out-of-bounds write vulnerability exists in the way OpenImageIO
v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file
can write to arbitrary out of bounds memory, which can lead to arbitrary
code execution. (CVE-2022-38143)

A heap based buffer overflow vulnerability exists in tile decoding code of
TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A
specially-crafted TIFF file can lead to an out of bounds memory
corruption, which can result in arbitrary code execution.
(CVE-2022-41639)

A heap out of bounds read vulnerability exists in the OpenImageIO
master-branch-9aeece7a when parsing the image file directory part of a PSD
image file. A specially-crafted .psd file can cause a read of arbitrary
memory address which can lead to denial of service. (CVE-2022-41684)

A heap based buffer overflow vulnerability exists in the PSD thumbnail
resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD
file can lead to arbitrary code execution. (CVE-2022-41794)

A code execution vulnerability exists in the DDS scanline parsing
functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A
specially-crafted .dds can lead to a heap buffer overflow.
(CVE-2022-41838)

An out of bounds read vulnerability exists in the way OpenImageIO version
v2.3.19.0 processes string fields in TIFF image files. A specially-crafted
TIFF file can lead to information disclosure. (CVE-2022-41977)

A stack-based buffer overflow vulnerability exists in the TGA file format
parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead
to out of bounds read and write on the process stack, which can lead to
arbitrary code execution. (CVE-2022-41981)

An information disclosure vulnerability exists in the
OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project
OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a
disclosure of sensitive information. (CVE-2022-41988)

A denial of service vulnerability exists in the DDS native tile reading
functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A
specially-crafted .dds can lead to denial of service. (CVE-2022-41999)

An information disclosure vulnerability exists in the DPXOutput::close()
functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially
crafted ImageOutput Object can lead to leaked heap data. (CVE-2022-43592)

A denial of service vulnerability exists in the DPXOutput::close()
functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially
crafted ImageOutput Object can lead to null pointer dereference.
(CVE-2022-43593)

Multiple denial of service vulnerabilities exist in the image output
closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2.
Specially crafted ImageOutput Objects can lead to multiple null pointer
dereferences. This vulnerability applies to writing .bmp files.
(CVE-2022-43594)

Multiple denial of service vulnerabilities exist in the image output
closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2.
Specially crafted ImageOutput Objects can lead to multiple null pointer
dereferences. This vulnerability applies to writing .fits files.
(CVE-2022-43595)

An information disclosure vulnerability exists in the IFFOutput channel
interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A
specially crafted ImageOutput Object can lead to leaked heap data.
(CVE-2022-43596)

Multiple memory corruption vulnerabilities exist in the IFFOutput
alignment padding functionality of OpenImageIO Project OpenImageIO
v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary
code execution. This vulnerability arises when the 'm_spec.format' is
'TypeDesc::UINT8'. (CVE-2022-43597)

Multiple memory corruption vulnerabilities exist in the IFFOutput
alignment padding functionality of OpenImageIO Project OpenImageIO
v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary
code execution. This vulnerability arises when the 'm_spec.format' is
'TypeDesc::UINT16'. (CVE-2022-43598)

Multiple code execution vulnerabilities exist in the IFFOutput::close()
functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially
crafted ImageOutput Object can lead to a heap buffer overflow. This
vulnerability arises when the 'xmax' variable is set to 0xFFFF and
'm_spec.format' is 'TypeDesc::UINT8'. (CVE-2022-43599)

Multiple code execution vulnerabilities exist in the IFFOutput::close()
functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially
crafted ImageOutput Object can lead to a heap buffer overflow. This
vulnerability arises when the 'xmax' variable is set to 0xFFFF and
'm_spec.format' is 'TypeDesc::UINT16'. (CVE-2022-43600)

Multiple code execution vulnerabilities exist in the IFFOutput::close()
functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially
crafted ImageOutput Object can lead to a heap buffer overflow. This
vulnerability arises when the 'ymax' variable is set to 0xFFFF and
'm_spec.format' is 'TypeDesc::UINT16'. (CVE-2022-43601)

Multiple code execution vulnerabilities exist in the IFFOutput::close()
functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially
crafted ImageOutput Object can lead to a heap buffer overflow. This
vulnerability arises when the 'ymax' variable is set to 0xFFFF and
'm_spec.format' is 'TypeDesc::UINT8'. (CVE-2022-43602)

A denial of service vulnerability exists in the ZfileOutput::close()
functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially
crafted ImageOutput Object can lead to denial of service. (CVE-2022-43603)

An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel()
functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially
crafted targa file can lead to information disclosure. (CVE-2023-22845)

A denial of service vulnerability exists in the FitsOutput::close()
functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially
crafted ImageOutput Object can lead to denial of service. (CVE-2023-24472)

An information disclosure vulnerability exists in the
TGAInput::read_tga2_header functionality of OpenImageIO Project
OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a
disclosure of sensitive information. (CVE-2023-24473)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31364
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/T3LET4MEPBSBJZK4EMLEBY4FUXKU5BMN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MLUXEL7AB2S5ACSDCHG67GEZHUYZBR5O/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LK6TY36VQ3FQXMZ2VXHZGQ43VDLD67GG/
- https://www.debian.org/lts/security/2023/dla-3382
- https://www.debian.org/security/2023/dsa-5384
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36354
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38143
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41639
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41684
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41794
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41838
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41977
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41981
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41988
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41999
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43592
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43593
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43594
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43595
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43596
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43597
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43598
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43599
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43600
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43601
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43602
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43603
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22845
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24472
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24473

SRPMS:
- 8/core/openimageio-2.2.10.0-1.1.mga8

Mageia 2023-0151: openimageio security update

A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0

Summary

A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensitive information leak. (CVE-2022-36354)
A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to arbitrary out of bounds memory, which can lead to arbitrary code execution. (CVE-2022-38143)
A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary code execution. (CVE-2022-41639)
A heap out of bounds read vulnerability exists in the OpenImageIO master-branch-9aeece7a when parsing the image file directory part of a PSD image file. A specially-crafted .psd file can cause a read of arbitrary memory address which can lead to denial of service. (CVE-2022-41684)
A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. (CVE-2022-41794)
A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. (CVE-2022-41838)
An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A specially-crafted TIFF file can lead to information disclosure. (CVE-2022-41977)
A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead to out of bounds read and write on the process stack, which can lead to arbitrary code execution. (CVE-2022-41981)
An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. (CVE-2022-41988)
A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. (CVE-2022-41999)
An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. (CVE-2022-43592)
A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to null pointer dereference. (CVE-2022-43593)
Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. This vulnerability applies to writing .bmp files. (CVE-2022-43594)
Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. This vulnerability applies to writing .fits files. (CVE-2022-43595)
An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. (CVE-2022-43596)
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. This vulnerability arises when the 'm_spec.format' is 'TypeDesc::UINT8'. (CVE-2022-43597)
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. This vulnerability arises when the 'm_spec.format' is 'TypeDesc::UINT16'. (CVE-2022-43598)
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. This vulnerability arises when the 'xmax' variable is set to 0xFFFF and 'm_spec.format' is 'TypeDesc::UINT8'. (CVE-2022-43599)
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. This vulnerability arises when the 'xmax' variable is set to 0xFFFF and 'm_spec.format' is 'TypeDesc::UINT16'. (CVE-2022-43600)
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. This vulnerability arises when the 'ymax' variable is set to 0xFFFF and 'm_spec.format' is 'TypeDesc::UINT16'. (CVE-2022-43601)
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. This vulnerability arises when the 'ymax' variable is set to 0xFFFF and 'm_spec.format' is 'TypeDesc::UINT8'. (CVE-2022-43602)
A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to denial of service. (CVE-2022-43603)
An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. (CVE-2023-22845)
A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. (CVE-2023-24472)
An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. (CVE-2023-24473)

References

- https://bugs.mageia.org/show_bug.cgi?id=31364

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/T3LET4MEPBSBJZK4EMLEBY4FUXKU5BMN/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MLUXEL7AB2S5ACSDCHG67GEZHUYZBR5O/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LK6TY36VQ3FQXMZ2VXHZGQ43VDLD67GG/

- https://www.debian.org/lts/security/2023/dla-3382

- https://www.debian.org/security/2023/dsa-5384

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36354

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38143

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41639

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41684

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41794

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41838

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41977

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41981

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41988

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41999

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43592

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43593

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43594

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43595

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43596

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43597

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43598

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43599

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43600

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43601

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43602

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43603

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22845

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24472

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24473

Resolution

MGASA-2023-0151 - Updated openimageio packages fix security vulnerability

SRPMS

- 8/core/openimageio-2.2.10.0-1.1.mga8

Severity
Publication date: 24 Apr 2023
URL: https://advisories.mageia.org/MGASA-2023-0151.html
Type: security
CVE: CVE-2022-36354, CVE-2022-38143, CVE-2022-41639, CVE-2022-41684, CVE-2022-41794, CVE-2022-41838, CVE-2022-41977, CVE-2022-41981, CVE-2022-41988, CVE-2022-41999, CVE-2022-43592, CVE-2022-43593, CVE-2022-43594, CVE-2022-43595, CVE-2022-43596, CVE-2022-43597, CVE-2022-43598, CVE-2022-43599, CVE-2022-43600, CVE-2022-43601, CVE-2022-43602, CVE-2022-43603, CVE-2023-22845, CVE-2023-24472, CVE-2023-24473

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved