| Package | openimageio |
|---|---|
| Version | 1.4.14~dfsg0-1+deb8u1 (jessie), 1.6.17~dfsg0-1+deb9u1 (stretch) |
| Related CVEs | CVE-2022-36354 CVE-2022-41838 CVE-2022-41999 CVE-2022-43592 CVE-2022-43593 CVE-2022-43594 CVE-2022-43595 CVE-2022-43596 CVE-2022-43597 CVE-2022-43598 CVE-2022-43599 CVE-2022-43600 CVE-2022-43601 CVE-2022-43602 CVE-2022-43603 |
Multiple security vulnerabilities have been discovered in OpenImageIO, a library for reading and writing images. Buffer overflows and out-of-bounds read and write programming errors may lead to a denial of service (application crash) or the execution of arbitrary code if a malformed image file is processed.
For Debian 8 jessie, these problems have been fixed in version 1.4.14~dfsg0-1+deb8u1.
For Debian 9 stretch, these problems have been fixed in version 1.6.17~dfsg0-1+deb9u1.
We recommend that you upgrade your openimageio packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.