OpenImageIO file processing issues could lead to arbitrary code execution, sensitive information leak and denial of service

Cisco Talos recently discovered nineteen vulnerabilities in OpenImageIO, an image processing library. They could lead to sensitive information disclosure, denial of service, and heap buffer overflows that could in turn lead to code execution.

OpenImageIO is an image processing library useful for conversion and processing, as well as image comparison. This library is utilized by 3D-processing software from AliceVision (including Meshroom) and is also used by Blender for reading Photoshop .psd files.

Vulnerabilities were found in the way OpenImageIO processed .tif, .psd, .dds and other files and metadata types.

Source: Cisco Talos