Fluid Attacks Database

Description

A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	openimageio	=2.2.10.1+dfsg-1 \|\| =2.2.10.1+dfsg-1+deb11u1 \|\| =2.2.13.1+dfsg-1 \|\| =2.2.14.0+dfsg-1 \|\| =2.2.16.0+dfsg-1 \|\| =2.2.17.0+dfsg-1 \|\| =2.2.17.0+dfsg-2 \|\| =2.2.18.0+dfsg-1 \|\| =2.2.18.0+dfsg-2 \|\| =2.3.11.0+dfsg-1 \|\| =2.3.12.0+dfsg-1 \|\| =2.3.14.0+dfsg-1 \|\| =2.3.14.0+dfsg-2 \|\| =2.3.14.0+dfsg-3 \|\| =2.3.17.0+dfsg-1 \|\| =2.3.18.0+dfsg-1 \|\| =2.3.18.0+dfsg-2 \|\| =2.3.18.0+dfsg-3 \|\| =2.3.18.0+dfsg-4 \|\| =2.3.18.0+dfsg-5 \|\| =2.3.18.0+dfsg-6 \|\| =2.3.21.0+dfsg-1 \|\| =2.3.8.0+dfsg-1 \|\| =2.3.9.1+dfsg-1 \|\| =2.4.12.0+dfsg-1 \|\| =2.4.13.0+dfsg-1 \|\| =2.4.14.0+dfsg-1 \|\| =2.4.16.0+dfsg-1 \|\| =2.4.17.0+dfsg-1 \|\| =2.4.17.0+dfsg-1.1 \|\| =2.4.7.1+dfsg-1 \|\| =2.4.7.1+dfsg-2 \|\| =2.4.9.0+dfsg-1 \|\| =2.5.10.1+dfsg-1 \|\| =2.5.12.0+dfsg-1 \|\| =2.5.12.0+dfsg-2 \|\| =2.5.14.0+dfsg-1 \|\| =2.5.15.0+dfsg-1 \|\| =2.5.16.0+dfsg-1 \|\| =2.5.18.0+dfsg-1 \|\| =2.5.19.1+dfsg-1 \|\| =2.5.19.1+dfsg-2 \|\| =2.5.7.0+dfsg-1	-
debian 12	openimageio	=2.4.12.0+dfsg-1 \|\| =2.4.13.0+dfsg-1 \|\| =2.4.14.0+dfsg-1 \|\| =2.4.16.0+dfsg-1 \|\| =2.4.17.0+dfsg-1 \|\| =2.4.17.0+dfsg-1.1 \|\| =2.4.7.1+dfsg-2 \|\| =2.4.9.0+dfsg-1 \|\| =2.5.10.1+dfsg-1 \|\| =2.5.12.0+dfsg-1 \|\| =2.5.12.0+dfsg-2 \|\| =2.5.14.0+dfsg-1 \|\| =2.5.15.0+dfsg-1 \|\| =2.5.16.0+dfsg-1 \|\| =2.5.18.0+dfsg-1 \|\| =2.5.19.1+dfsg-1 \|\| =2.5.19.1+dfsg-2 \|\| =2.5.7.0+dfsg-1	-
debian 13	openimageio	>=0 <2.4.13.0+dfsg-1	2.4.13.0+dfsg-1
debian 14	openimageio	>=0 <2.4.13.0+dfsg-1	2.4.13.0+dfsg-1

Aliases

1. CVE-2023-34302. NVD-2023-34303. OSV-DEBIAN-2023-34304. OSV-2023-34305. SECURITY-TRACKER-CVE-2023-3430

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.