UBUNTU-CVE-2024-40630

Source
https://ubuntu.com/security/CVE-2024-40630
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-40630.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-40630
Related
Published
2024-07-15T20:15:00Z
Modified
2024-10-15T14:15:25Z
Summary
[none]
Details

OpenImageIO is a toolset for reading, writing, and manipulating image files of any format relevant to VFX and animation, through a format-agnostic API with the feature set, scalability, and robustness needed for feature-film production. Affected versions contain a bug in the HEIF input functionality of OpenImageIO, specifically in HeifInput::seek_subimage(). In the worst case this can lead to an information disclosure vulnerability, particularly for programs that call the ImageInput APIs directly rather than going through higher-level helpers. The bug has been addressed in commit 0a2dcb4c, which is included in the 2.5.13.1 release. Users are advised to upgrade; there are no known workarounds for this issue.
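Triaging this advisory on an Ubuntu host means answering two questions: is the installed package version on the affected list above, and does the upstream version number embedded in the Debian version string predate the 2.5.13.1 fix release? The following helper, added here as an example and not code from OpenImageIO or from Canonical, reimplements dpkg's version-ordering rules in pure Python (so it runs without dpkg), strips the Ubuntu repack suffix (+dfsg / ~dfsg0) and revision to recover the upstream number, and checks both signals. The affected lists are copied from this page; the sample inputs in the block are constructed.

```python
"""Triage helper for UBUNTU-CVE-2024-40630 (source package openimageio).
Added example for this page; not code from OpenImageIO or Canonical."""
import re

# Upstream release carrying fix commit 0a2dcb4c, per the advisory text.
UPSTREAM_FIX = "2.5.13.1"

# Affected source-package versions as listed on this page, keyed by series.
AFFECTED = {
    "xenial": ["1.5.17~dfsg0-1ubuntu2", "1.5.20~dfsg0-1ubuntu2", "1.5.23~dfsg0-1ubuntu1",
               "1.6.9~dfsg0-4ubuntu1", "1.6.10~dfsg0-1ubuntu1", "1.6.10~dfsg0-2ubuntu1",
               "1.6.11~dfsg0-1ubuntu1"],
    "bionic": ["1.6.17~dfsg0-1ubuntu5", "1.7.17~dfsg0-1ubuntu2"],
    "focal": ["2.0.10~dfsg0-1", "2.0.11~dfsg0-1", "2.0.12~dfsg0-1", "2.0.12~dfsg0-1build1",
              "2.0.12~dfsg0-1build2", "2.1.10.1~dfsg0-5ubuntu4", "2.1.10.1~dfsg0-5ubuntu5",
              "2.1.12.0~dfsg0-1"],
    "jammy": ["2.2.10.1+dfsg-1build1", "2.2.18.0+dfsg-1", "2.2.18.0+dfsg-1build2",
              "2.2.18.0+dfsg-1ubuntu2"],
    "noble": ["2.4.14.0+dfsg-1", "2.4.16.0+dfsg-1", "2.4.16.0+dfsg-1build1", "2.4.17.0+dfsg-1",
              "2.4.17.0+dfsg-1build1", "2.4.17.0+dfsg-1.1build3", "2.4.17.0+dfsg-1.1build4"],
    "oracular": ["2.4.17.0+dfsg-1.1build4", "2.5.12.0+dfsg-2", "2.5.12.0+dfsg-2build1",
                 "2.5.14.0+dfsg-1"],
}


def split_version(v):
    """Split a Debian version into (epoch, upstream_version, debian_revision)."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    upstream, _, revision = v.rpartition("-") if "-" in v else (v, "", "")
    return epoch, upstream, revision


def _weight(c):
    """dpkg character ordering: '~' sorts before the empty string, letters
    sort before punctuation, and digits/end-of-string are neutral (0)."""
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_part(a, b):
    """dpkg's verrevcmp: alternate non-digit runs (character-weighted) and
    digit runs (compared numerically) until both strings are exhausted."""
    while a or b:
        i = j = 0
        while i < len(a) and not a[i].isdigit():
            i += 1
        while j < len(b) and not b[j].isdigit():
            j += 1
        sa, sb = a[:i], b[:j]
        for k in range(max(len(sa), len(sb))):
            wa = _weight(sa[k] if k < len(sa) else "")
            wb = _weight(sb[k] if k < len(sb) else "")
            if wa != wb:
                return -1 if wa < wb else 1
        a, b = a[i:], b[j:]
        i = j = 0
        while i < len(a) and a[i].isdigit():
            i += 1
        while j < len(b) and b[j].isdigit():
            j += 1
        na, nb = int(a[:i] or "0"), int(b[:j] or "0")
        if na != nb:
            return -1 if na < nb else 1
        a, b = a[i:], b[j:]
    return 0


def compare_versions(a, b):
    """Return -1, 0 or 1, ordering a against b as dpkg --compare-versions does."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)


def upstream_of(pkg_version):
    """Drop epoch, Debian revision and the repack marker to get the upstream number."""
    _, upstream, _ = split_version(pkg_version)
    return re.sub(r"[+~]dfsg.*$", "", upstream)


def triage(series, installed):
    """Both signals a practitioner should check for one installed version."""
    return {
        "listed_affected": installed in AFFECTED.get(series, []),
        "upstream_predates_fix": compare_versions(upstream_of(installed), UPSTREAM_FIX) < 0,
    }


if __name__ == "__main__":
    # Constructed sample inputs: two version strings taken from the lists above.
    for series, v in [("noble", "2.4.17.0+dfsg-1.1build4"), ("oracular", "2.5.14.0+dfsg-1")]:
        print(series, v, triage(series, v))
```

Note how the two signals disagree for 2.5.14.0+dfsg-1 on oracular: the upstream number is past 2.5.13.1, yet the page lists that package version as affected and gives no fixed version for any series. Distributions backport fixes without changing the upstream number and, conversely, a tracker may keep listing versions until a fix is published, so treat the version compare as a first pass and the Ubuntu tracker plus the package changelog as authoritative.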

References

Affected packages

Ubuntu:Pro:16.04:LTS / openimageio

Package

Name
openimageio
Purl
pkg:deb/ubuntu/openimageio?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)

Affected versions

1.*

1.5.17~dfsg0-1ubuntu2
1.5.20~dfsg0-1ubuntu2
1.5.23~dfsg0-1ubuntu1
1.6.9~dfsg0-4ubuntu1
1.6.10~dfsg0-1ubuntu1
1.6.10~dfsg0-2ubuntu1
1.6.11~dfsg0-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / openimageio

Package

Name
openimageio
Purl
pkg:deb/ubuntu/openimageio?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)

Affected versions

1.*

1.6.17~dfsg0-1ubuntu5
1.7.17~dfsg0-1ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / openimageio

Package

Name
openimageio
Purl
pkg:deb/ubuntu/openimageio?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)

Affected versions

2.*

2.0.10~dfsg0-1
2.0.11~dfsg0-1
2.0.12~dfsg0-1
2.0.12~dfsg0-1build1
2.0.12~dfsg0-1build2
2.1.10.1~dfsg0-5ubuntu4
2.1.10.1~dfsg0-5ubuntu5
2.1.12.0~dfsg0-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / openimageio

Package

Name
openimageio
Purl
pkg:deb/ubuntu/openimageio?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)

Affected versions

2.*

2.2.10.1+dfsg-1build1
2.2.18.0+dfsg-1
2.2.18.0+dfsg-1build2
2.2.18.0+dfsg-1ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / openimageio

Package

Name
openimageio
Purl
pkg:deb/ubuntu/openimageio?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)

Affected versions

2.*

2.4.17.0+dfsg-1.1build4
2.5.12.0+dfsg-2
2.5.12.0+dfsg-2build1
2.5.14.0+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / openimageio

Package

Name
openimageio
Purl
pkg:deb/ubuntu/openimageio?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)

Affected versions

2.*

2.4.14.0+dfsg-1
2.4.16.0+dfsg-1
2.4.16.0+dfsg-1build1
2.4.17.0+dfsg-1
2.4.17.0+dfsg-1build1
2.4.17.0+dfsg-1.1build3
2.4.17.0+dfsg-1.1build4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}