CVE-2023-36183

Name of the Vulnerable Software and Affected Versions OpenImageIO versions 2.4.12.0 and before

Description The issue is related to a buffer overflow vulnerability in the readimg function of the OpenImageIO library, which occurs due to unverified input data. This can allow an attacker to access sensitive information, compromise data integrity, and cause a denial of service using a specially crafted file. The vulnerability can be exploited to execute arbitrary code remotely.

Recommendations For OpenImageIO versions 2.4.12.0 and before, consider disabling the readimg function until a patch is available to prevent potential exploitation. Restrict access to the library to minimize the risk of arbitrary code execution. Avoid using the library with untrusted input files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.