{"vulnerability": "CVE-2024-40630", "sightings": [{"uuid": "93055415-2dfb-4f6d-8291-2c08e040dbb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40630", "type": "seen", "source": "https://t.me/cvedetector/901", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-40630 - OpenImageIO Heif Input Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-40630 \nPublished : July 15, 2024, 8:15 p.m. | 22\u00a0minutes ago \nDescription : OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation via a format-agnostic API with a feature set, scalability, and robustness needed for feature film production. In affected versions there is a bug in the heif input functionality of OpenImageIO. Specifically, in `HeifInput::seek_subimage()`.  In the worst case, this can lead to an information disclosure vulnerability, particularly for programs that directly use the `ImageInput` APIs. This bug has been addressed in commit `0a2dcb4c` which is included in the 2.5.13.1 release. Users are advised to upgrade. There are no known workarounds for this issue. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-15T22:42:25.000000Z"}]}