CVE-2023-36183
PUBLISHED
Buffer overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function.
Risk Scores
EPSS Score: 0.11% (28.2th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| openimageio | openimageio | 0 |
Timeline
- Jul 3, 2023 CVE Published
- Jul 4, 2023 EPSS Score
- Aug 8, 2023 EPSS Score
- Sep 12, 2023 EPSS Score
- Oct 16, 2023 EPSS Score
- Nov 20, 2023 EPSS Score
- Dec 25, 2023 EPSS Score
- Jan 29, 2024 EPSS Score
- Mar 4, 2024 EPSS Score
- Apr 7, 2024 EPSS Score
- May 12, 2024 EPSS Score
- Jun 16, 2024 EPSS Score
References
- https://github.com/OpenImageIO/oiio/issues/3871 url
- [debian-lts-announce] 20230806 [SECURITY] [DLA 3518-1] openimageio security update mailing-list
- FEDORA-2023-ad5fee9a64 vendor-advisory
- FEDORA-2023-99870af9f0 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-36183 advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPHVMLS2LYMLURWFL7CMZ3Y7UMW3M4AW url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYFTS5LK725R6KVIYJVTPN3A6B6C7E6D url