Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-43595

Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .fits files.

Published

2022-12-22T22:15:16.287

Last Modified

2024-11-21T07:26:50.823

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-476

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openimageio	openimageio	2.4.4.2	Yes
Operating System	debian	debian_linux	11.0	Yes

References

https://security.gentoo.org/glsa/202305-33 ([email protected])
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653 Exploit, Third Party Advisory ([email protected])
https://www.debian.org/security/2023/dsa-5384 Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/202305-33 (af854a3a-2127-422b-91ae-364da2661108)
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2023/dsa-5384 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)