CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2024-55194

CVSS 9.8v3.1pub. 2025-01-23upd. 2025-01-29

OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h.

πŸ€– AI Analysis
How it works

The vulnerability consists of a heap buffer overflow in the header file /OpenImageIO/fmath.h β€” classified as CWE-787 (out-of-bounds write) and CWE-120 (lack of size validation during copying). An attacker can provide specially crafted input data that causes an overflow beyond the boundaries of allocated heap memory. The attack vector is network-based, requires no authentication or user interaction, which significantly increases its accessibility to potential attackers.

Impact

Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code remotely (RCE), as well as compromise the confidentiality, integrity, and availability of the system in full scope.

Mitigation & patch

Patches available from the vendor should be applied in accordance with the references. It is recommended to monitor the project repository on GitHub at the address specified in the references and update to a version containing the fix after it is released.

Who is affected

OpenImageIO version v3.1.0.0dev

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Openimageio

    APP
    Openimageio
    3.1.0.0
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2024-55193CRITICAL9.8PL βœ“ten sam produkt

Naruszenie segmentacji (segfault) w OpenImageIO przez komponent string_view.h

CVE-2024-55192CRITICAL9.8PL βœ“ten sam produkt

Heap overflow w OpenImageIO poprzez komponent Fetch64

CVE-2023-42299CRITICAL9.8ten sam produkt

Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary cod...

CVE-2022-41639CRITICAL9.8ten sam produkt

A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO ma...

CVE-2022-38143CRITICAL9.8ten sam produkt

A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP ima...

CVE-2024-55194 β€” Openimageio β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl