You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We discovered a Segmentation-violation bug in src/include/OpenImageIO/string_view.h:262 while fuzzing iconvert.
The latest version also has this vulnerability.
Version
# ./bin/oiiotool --version
3.1.0.0dev
# ./bin/iconvert -v
iconvert: Must have both an input and output filename specified.
iconvert -- copy images with format conversions and other alterations
OpenImageIO 3.1.0.0dev http://www.openimageio.org
Description
Dear developers,
We discovered a Segmentation-violation bug in src/include/OpenImageIO/string_view.h:262 while fuzzing iconvert.
The latest version also has this vulnerability.
Version
PoC
poc2iconvert: https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/poc2iconvert
Reproduction
Address Sanitizer log
Environment
Thanks for your time!
The text was updated successfully, but these errors were encountered: