Debian Security Advisory

DSA-5384-1 openimageio -- security update

Date Reported:
10 Apr 2023
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 1027143, Bug 1027808.
In Mitre's CVE dictionary: CVE-2022-36354, CVE-2022-41639, CVE-2022-41649, CVE-2022-41684, CVE-2022-41794, CVE-2022-41837, CVE-2022-41838, CVE-2022-41977, CVE-2022-41981, CVE-2022-41988, CVE-2022-41999, CVE-2022-43592, CVE-2022-43593, CVE-2022-43594, CVE-2022-43595, CVE-2022-43596, CVE-2022-43597, CVE-2022-43598, CVE-2022-43599, CVE-2022-43600, CVE-2022-43601, CVE-2022-43602, CVE-2022-43603.
More information:

Multiple security vulnerabilities have been discovered in OpenImageIO, a library for reading and writing images. Buffer overflows and out-of-bounds reads and writes may lead to denial of service (application crash) or the execution of arbitrary code if a malformed image file is processed.

For the stable distribution (bullseye), these problems have been fixed in version

We recommend that you upgrade your openimageio packages.

For the detailed security status of openimageio please refer to its security tracker page at: