OpenImageIO-2.4.8.1-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12693 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z OpenImageIO-2.4.8.1-1.1 on GA media These are all security issues fixed in the OpenImageIO-2.4.8.1-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12693 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12693 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-22845/ SUSE CVE CVE-2023-22845 page https://www.suse.com/security/cve/CVE-2023-24472/ SUSE CVE CVE-2023-24472 page https://www.suse.com/security/cve/CVE-2023-24473/ SUSE CVE CVE-2023-24473 page openSUSE Tumbleweed OpenImageIO-2.4.8.1-1.1 OpenImageIO-devel-2.4.8.1-1.1 libOpenImageIO2_4-2.4.8.1-1.1 libOpenImageIO_Util2_4-2.4.8.1-1.1 python3-OpenImageIO-2.4.8.1-1.1 OpenImageIO-2.4.8.1-1.1 as a component of openSUSE Tumbleweed OpenImageIO-devel-2.4.8.1-1.1 as a component of openSUSE Tumbleweed libOpenImageIO2_4-2.4.8.1-1.1 as a component of openSUSE Tumbleweed libOpenImageIO_Util2_4-2.4.8.1-1.1 as a component of openSUSE Tumbleweed python3-OpenImageIO-2.4.8.1-1.1 as a component of openSUSE Tumbleweed An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. CVE-2023-22845 openSUSE Tumbleweed:OpenImageIO-2.4.8.1-1.1 openSUSE Tumbleweed:OpenImageIO-devel-2.4.8.1-1.1 openSUSE Tumbleweed:libOpenImageIO2_4-2.4.8.1-1.1 openSUSE Tumbleweed:libOpenImageIO_Util2_4-2.4.8.1-1.1 openSUSE Tumbleweed:python3-OpenImageIO-2.4.8.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-22845.html CVE-2023-22845 https://bugzilla.suse.com/1209997 SUSE Bug 1209997 A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability. CVE-2023-24472 openSUSE Tumbleweed:OpenImageIO-2.4.8.1-1.1 openSUSE Tumbleweed:OpenImageIO-devel-2.4.8.1-1.1 openSUSE Tumbleweed:libOpenImageIO2_4-2.4.8.1-1.1 openSUSE Tumbleweed:libOpenImageIO_Util2_4-2.4.8.1-1.1 openSUSE Tumbleweed:python3-OpenImageIO-2.4.8.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-24472.html CVE-2023-24472 https://bugzilla.suse.com/1209996 SUSE Bug 1209996 An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability. CVE-2023-24473 openSUSE Tumbleweed:OpenImageIO-2.4.8.1-1.1 openSUSE Tumbleweed:OpenImageIO-devel-2.4.8.1-1.1 openSUSE Tumbleweed:libOpenImageIO2_4-2.4.8.1-1.1 openSUSE Tumbleweed:libOpenImageIO_Util2_4-2.4.8.1-1.1 openSUSE Tumbleweed:python3-OpenImageIO-2.4.8.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-24473.html CVE-2023-24473 https://bugzilla.suse.com/1209995 SUSE Bug 1209995