CVE-2023-22845 (https://talosintelligence.com/vulnerability_reports/TALOS-2023-1708): An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2023-24472 (https://talosintelligence.com/vulnerability_reports/TALOS-2023-1709): A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability.

CVE-2023-24473 (https://talosintelligence.com/vulnerability_reports/TALOS-2023-1707): An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.

Created OpenImageIO tracking bugs for this issue:

Affects: epel-all [bug 2185105]
Affects: fedora-all [bug 2185104]

This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.