Name of the Vulnerable Software and Affected Versions:

OpenImageIO versions master-branch-9aeece7a through v2.3.19.0

Description:

A heap-based buffer overflow vulnerability exists in the tile decoding code of the TIFF image parser. This issue can be triggered by a specially-crafted TIFF file, leading to out-of-bounds memory corruption, which can result in arbitrary code execution. An attacker can provide a malicious file to exploit this vulnerability, potentially allowing remote access to confidential data, disrupting data integrity, and causing a denial of service.

Recommendations:

For OpenImageIO versions master-branch-9aeece7a through v2.3.19.0, consider disabling the TIFF image parser until a patch is available to prevent exploitation. Restrict access to the tile decoding code to minimize the risk of arbitrary code execution. Avoid using the vulnerable TIFF image parser with untrusted files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.