漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
OpenImageIO: SGI RLE decoder heap buffer overflow OIIO_DASSERT bounds checks are no-ops in release builds
Vulnerability Description
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, sgiinput.cpp:265,274 use OIIO_DASSERT for bounds checking in the RLE decode loop. In release builds, OIIO_DASSERT compiles to ((void)sizeof(x)) (dassert.h:210), making all bounds checks no-ops. A crafted .sgi file with RLE count exceeding scanline width causes heap buffer overflow and crash. This vulnerability is fixed in 3.0.18.0 and 3.1.13.0.
CVSS Information
N/A
Vulnerability Type
跨界内存写
Vulnerability Title
OpenImageIO 缓冲区错误漏洞
Vulnerability Description
OpenImageIO是OpenImageIO开源的一个图像处理库。具有易于使用的界面和大量受支持的图像格式。 OpenImageIO 3.0.18.0之前版本和3.1.13.0之前版本存在缓冲区错误漏洞,该漏洞源于sgiinput.cpp中RLE解码循环使用OIIO_DASSERT进行边界检查,在发布版本中边界检查被编译为空操作,导致堆缓冲区溢出。
CVSS Information
N/A
Vulnerability Type
N/A