Early Access — Mondoo Vulnerability Intelligence is currently in preview.

UBUNTU-CVE-2022-34300 | Mondoo Vulnerability Intelligence

UBUNTU-CVE-2022-34300

HIGH8.8

In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData.

Published Jun 23, 2022

Modified 6 months ago

No fix available

Details

In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData.

Affected Packages

Ubuntu:16.04:LTSasymptote

Affected versions:

2.35-22.35-2build12.35-32.35-3build12.35-42.37-1

Ubuntu:Pro:16.04:LTSasymptote

Affected versions:

2.35-22.35-2build12.35-32.35-3build12.35-42.37-1

Ubuntu:22.04:LTSasymptote

Affected versions:

2.70+ds-22.70+ds-2build12.70+ds-2build22.73+ds-22.74+ds-12.75+ds-12.78+ds-2

Ubuntu:20.04:LTSasymptote

Affected versions:

2.51-12.59-12.60-12.61-12.62-1

Ubuntu:18.04:LTSasymptote

Affected versions:

2.41-2build12.41-32.41-4

Ubuntu:Pro:18.04:LTSasymptote

Affected versions:

2.41-2build12.41-32.41-4

Ubuntu:24.04:LTSasymptote

Affected versions:

2.86+ds-12.86+ds1-12.86+ds1-1build12.87+ds-1build12.87+ds-1build2

Ubuntu:25.04asymptote

Affected versions:

2.90+ds-1build12.92+ds-12.95+ds-1

Ubuntu:Pro:20.04:LTSasymptote

Affected versions:

2.51-12.59-12.60-12.61-12.62-1

Ubuntu:Pro:18.04:LTSgoxel

Affected versions:

0.7.1-20.7.2-1

Ubuntu:25.04goxel

Affected versions:

0.11.0-1.1build3

Ubuntu:24.04:LTSgoxel

Affected versions:

0.11.0-1.10.11.0-1.1build20.11.0-1.1build3

Ubuntu:22.04:LTSgoxel

Affected versions:

0.10.6-30.10.8-1

Ubuntu:Pro:20.04:LTSgoxel

Affected versions:

0.8.1-10.8.1-1build1

Ubuntu:22.04:LTSlove

Affected versions:

11.3-1

Ubuntu:Pro:20.04:LTSlove

Affected versions:

11.1-211.3-1

Ubuntu:Pro:18.04:LTSlove

Affected versions:

0.9.1-4ubuntu1

Ubuntu:24.04:LTSlove

Affected versions:

11.4-111.5-111.5-1build1

Ubuntu:Pro:16.04:LTSlove

Affected versions:

0.9.1-3ubuntu1

Ubuntu:25.04love

Affected versions:

11.5-2

Ubuntu:Pro:20.04:LTSmame

Affected versions:

0.206+dfsg.1-10.214+dfsg.1-20.215+dfsg.1-10.217+dfsg.1-10.217+dfsg.1-1build10.218+dfsg.1-10.220+dfsg.1-1

Ubuntu:24.04:LTSmame

Affected versions:

0.257+dfsg.1-10.258+dfsg.1-1build10.261+dfsg.1-10.261+dfsg.1-1build20.261+dfsg.1-1build30.264+dfsg.1-1

Ubuntu:Pro:16.04:LTSmame

Affected versions:

0.160-0ubuntu1

Ubuntu:Pro:18.04:LTSmame

Affected versions:

0.188+dfsg.1-0ubuntu20.189+dfsg.1-10.192+dfsg.1-0ubuntu10.195+dfsg.1-2

Ubuntu:25.04mame

Affected versions:

0.269+dfsg.1-10.270+dfsg.1-10.272+dfsg.1-10.273+dfsg.1-10.274+dfsg.1-20.275+dfsg.1-3

Ubuntu:22.04:LTSmame

Affected versions:

0.235+dfsg.1-1ubuntu10.237+dfsg.1-10.238+dfsg.1-10.239+dfsg.1-10.240+dfsg.1-10.242+dfsg.1-1

Ubuntu:22.04:LTSpsychtoolbox-3

Affected versions:

3.0.17.12.dfsg1-13.0.17.12.dfsg1-1.13.0.17.9.dfsg1-23.0.18.4.dfsg1-1

Ubuntu:Pro:16.04:LTSpsychtoolbox-3

Affected versions:

3.0.11.20140816.dfsg1-1ubuntu43.0.12.20150725.dfgs1-2ubuntu13.0.12.20160126.dfsg1-1ubuntu1

Ubuntu:Pro:18.04:LTSpsychtoolbox-3

Affected versions:

3.0.14.20170103+git6-g605ff5c.dfsg1-1build1

Ubuntu:25.04psychtoolbox-3

Affected versions:

3.0.19.14.dfsg1-1

Ubuntu:Pro:20.04:LTSpsychtoolbox-3

Affected versions:

3.0.15.20190207.dfsg1-13.0.15.20190725.dfsg1-1build13.0.16.20200130.dfsg1-1

Ubuntu:24.04:LTSpsychtoolbox-3

Affected versions:

3.0.19.3.dfsg1-13.0.19.5.dfsg1-13.0.19.5.dfsg1-1build23.0.19.5.dfsg1-1build3

Ubuntu:24.04:LTSqt6-webengine

Affected versions:

6.4.2-final+dfsg-116.4.2-final+dfsg-126.4.2-final+dfsg-12build16.4.2-final+dfsg-12ubuntu16.4.2-final+dfsg-12ubuntu76.4.2-final+dfsg-12ubuntu9

Ubuntu:25.04qt6-webengine

Affected versions:

6.6.2+dfsg-5ubuntu26.7.2+dfsg-56.7.2+dfsg-86.8.1+dfsg-0ubuntu16.8.2+dfsg-0ubuntu26.8.2+dfsg-3fakesync16.8.3+dfsg-0ubuntu1

Ubuntu:22.04:LTSqt6-webengine

Affected versions:

6.2.2+dfsg-6ubuntu26.2.4+dfsg-1ubuntu16.2.4+dfsg-1ubuntu26.2.4+dfsg-6ubuntu1

Ubuntu:25.04qtwebengine-opensource-src

Affected versions:

5.15.17+dfsg-45.15.17+dfsg-55.15.17+dfsg2-15.15.17+dfsg2-25.15.17+dfsg2-35.15.18+dfsg-15.15.18+dfsg-2

Ubuntu:Pro:18.04:LTSqtwebengine-opensource-src

Affected versions:

5.9.1+dfsg-45.9.1+dfsg-4ubuntu15.9.2+dfsg-2ubuntu15.9.3+dfsg-0ubuntu15.9.4+dfsg-0ubuntu15.9.5+dfsg-0ubuntu2

Ubuntu:22.04:LTSqtwebengine-opensource-src

Affected versions:

5.15.6+dfsg-15.15.6+dfsg-25.15.7+dfsg-25.15.8+dfsg-15.15.8+dfsg-1build15.15.8+dfsg-1build25.15.8+dfsg-25.15.9+dfsg-1

Ubuntu:24.04:LTSqtwebengine-opensource-src

Affected versions:

5.15.15+dfsg-25.15.15+dfsg-2build25.15.15+dfsg-2ubuntu15.15.16+dfsg-15.15.16+dfsg-1ubuntu25.15.16+dfsg-1ubuntu45.15.16+dfsg-3

Ubuntu:Pro:20.04:LTSqtwebengine-opensource-src

Affected versions:

5.12.4+dfsg-1ubuntu15.12.4+dfsg-1ubuntu35.12.5+dfsg-3ubuntu15.12.5+dfsg-6ubuntu25.12.5+dfsg-75.12.5+dfsg-7build15.12.8+dfsg-0ubuntu15.12.8+dfsg-0ubuntu1.1

Ubuntu:Pro:20.04:LTSrbdoom3bfg

Affected versions:

1.2.0+dfsg~git20181013-11.2.0+dfsg~git20191014-11.2.0+dfsg~git20191014-2

Ubuntu:Pro:18.04:LTSrbdoom3bfg

Affected versions:

1.1.0~preview3+dfsg+git20161019-1

Ubuntu:24.04:LTSrbdoom3bfg

Affected versions:

1.4.0+dfsg-2build11.4.0+dfsg-2build3

Ubuntu:22.04:LTSrbdoom3bfg

Affected versions:

1.2.0+dfsg~git20210105-11.2.0+dfsg~git20210105-1build11.3.0+dfsg-2

Ubuntu:25.04rbdoom3bfg

Affected versions:

1.4.0+dfsg-3ubuntu11.4.0+dfsg-4ubuntu11.4.0+dfsg-5ubuntu1

Ubuntu:Pro:16.04:LTSrbdoom3bfg

Affected versions:

1.0.3+repack1+git20150625-1build11.0.3+repack1+git20150806-11.0.3+repack1+git20151103-11.0.3+repack1+git20151103-1build11.0.3+repack1+git20151124-1

Ubuntu:Pro:20.04:LTSrenderdoc

Affected versions:

1.4+dfsg-11.5+dfsg-11.5+dfsg-21.6+dfsg-11.6+dfsg-1build11.6+dfsg-1build2

Ubuntu:22.04:LTSrenderdoc

Affected versions:

1.11+dfsg-51.15+dfsg-11.16+dfsg-11.16+dfsg-1build11.18+dfsg-1

Ubuntu:24.04:LTStinyexr

Affected versions:

1.0.7+dfsg-11.0.8+dfsg-1

Ubuntu:25.04tinyexr

Affected versions:

1.0.10+dfsg-11.0.8+dfsg-11.0.9+dfsg-1

Ubuntu:22.04:LTStinyexr

Affected versions:

1.0.0+dfsg-11.0.1+dfsg-3

References

REPORThttps://github.com/syoyo/tinyexr/pull/175 REPORThttps://ubuntu.com/security/CVE-2022-34300 REPORThttps://www.cve.org/CVERecord?id=CVE-2022-34300

CVSS Analysis

CVSS v3.1

8.8

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Upstream

CVE-2022-34300

Ecosystems

Ubuntu 16.04 LTS Ubuntu Pro 16.04 LTS Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 LTS Ubuntu Pro 18.04 LTS Ubuntu 24.04 LTS Ubuntu 25.04 Ubuntu Pro 20.04 LTS

Timeline

PublishedJun 23, 2022

ModifiedJul 14, 2025