Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-43594

Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .bmp files.

Published

2022-12-22T22:15:16.227

Last Modified

2024-11-21T07:26:50.680

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-476
Type: Primary
CWE-476

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openimageio	openimageio	2.4.4.2	Yes
Operating System	debian	debian_linux	11.0	Yes

References

https://security.gentoo.org/glsa/202305-33 Third Party Advisory ([email protected])
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653 Exploit, Third Party Advisory ([email protected])
https://www.debian.org/security/2023/dsa-5384 Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/202305-33 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2023/dsa-5384 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)