#intel

CVE-2022-41649: TALOS-2022-1631 || Cisco Talos Intelligence Group

A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger this vulnerability.

2 years ago

CVE

Open in Source

#vulnerability #ios #linux #cisco #git #intel #c++

CVE-2022-41794: TALOS-2022-1626 || Cisco Talos Intelligence Group

A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

2 years ago

CVE

Open in Source

#vulnerability #ios #mac #linux #cisco #js #git #intel #c++#buffer_overflow

CVE-2022-43602: TALOS-2022-1656 || Cisco Talos Intelligence Group

Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `ymax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8`

2 years ago

CVE

Open in Source

#vulnerability #linux #cisco #git #intel #c++#buffer_overflow

CVE-2022-41981: TALOS-2022-1628 || Cisco Talos Intelligence Group

A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead to out of bounds read and write on the process stack, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

2 years ago

CVE

Open in Source

#vulnerability #linux #cisco #git #intel #c++#buffer_overflow #auth

CVE-2022-41977: TALOS-2022-1627 || Cisco Talos Intelligence Group

An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A specially-crafted TIFF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

2 years ago

CVE

Open in Source

#vulnerability #ios #cisco #git #intel

CVE-2022-43592: TALOS-2022-1651 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.

2 years ago

CVE

Open in Source

#vulnerability #linux #cisco #git #intel #c++

CVE-2022-41988: TALOS-2022-1643 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.

2 years ago

CVE

Open in Source

#vulnerability #ios #linux #cisco #git #intel #c++

Inside the Next-Level Fraud Ring Scamming Billions Off Holiday Retailers

"Largest attack of its kind": A potent Southeast Asian e-commerce fraud ring has declared war on US retailers, targeting billions in goods in just the past month and forcing mules into its scheme.

2 years ago

DARKReading

Open in Source

#mac #intel #ssh

CVE-2022-47926: AyaCMS v3.1.2 has Arbitrary file operations Vulnerability · Issue #7 · loadream/AyaCMS

AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.php

2 years ago

CVE

Open in Source

#vulnerability #web #mac #windows #apple #intel #php #chrome #webkit

Passwordless Authentication Market to Be Worth $55.7 Billion by 2030: Grand View Research, Inc.

2 years ago