ELA-846-1 openimageio security update

denial of service

Version1.4.14~dfsg0-1+deb8u1 (jessie), 1.6.17~dfsg0-1+deb9u1 (stretch)
Related CVEs CVE-2022-36354 CVE-2022-41838 CVE-2022-41999 CVE-2022-43592 CVE-2022-43593 CVE-2022-43594 CVE-2022-43595 CVE-2022-43596 CVE-2022-43597 CVE-2022-43598 CVE-2022-43599 CVE-2022-43600 CVE-2022-43601 CVE-2022-43602 CVE-2022-43603

Multiple security vulnerabilities have been discovered in OpenImageIO, a library for reading and writing images. Buffer overflows and out-of-bounds read and write programming errors may lead to a denial of service (application crash) or the execution of arbitrary code if a malformed image file is processed.

For Debian 8 jessie, these problems have been fixed in version 1.4.14~dfsg0-1+deb8u1.

For Debian 9 stretch, these problems have been fixed in version 1.6.17~dfsg0-1+deb9u1.

We recommend that you upgrade your openimageio packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.