How severe is CVE-2024-40630?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2024-40630?

This is classified as CWE-125, which is a common weakness in software security.

CVE-2024-40630

MEDIUM Year: 2024

CVSS v3 Score

4.3

Medium

Weakness Type

CWE-125

View all →

Vulnerability Description

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation via a format-agnostic API with a feature set, scalability, and robustness needed for feature film production. In affected versions there is a bug in the heif input functionality of OpenImageIO. Specifically, in `HeifInput::seek_subimage()`. In the worst case, this can lead to an information disclosure vulnerability, particularly for programs that directly use the `ImageInput` APIs. This bug has been addressed in commit `0a2dcb4c` which is included in the 2.5.13.1 release. Users are advised to upgrade. There are no known workarounds for this issue.

CVE-2016-10208

MEDIUM

CVSS:4.3(Medium)

The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service...

CWE-1252016

CVE-2017-17182

MEDIUM

CVSS:4.3(Medium)

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R...

CWE-1252017

CVE-2017-17185

MEDIUM

CVSS:4.3(Medium)

CWE-1252017

CVE-2017-17281

MEDIUM

CVSS:4.3(Medium)

SFTP module in Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V60...

CWE-1252017

CVE-2018-16427

MEDIUM

CVSS:4.3(Medium)

Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.

CWE-1252018

CVE-2018-16866

MEDIUM

CVSS:4.3(Medium)

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions...

CWE-1252018

CVE-2024-40630

Vulnerability Description

Related Vulnerabilities

CVE-2016-10208

CVE-2017-17182

CVE-2017-17185

CVE-2017-17281

CVE-2018-16427

CVE-2018-16866