Published: 22/12/2022 Updated: 30/05/2023

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openimageio openimageio 2.3.19.0
debian debian linux 11.0

Debian Bug report logs - #1027143 penimageio: CVE-2022-36354 CVE-2022-38143 CVE-2022-43592 CVE-2022-43593 CVE-2022-43594 CVE-2022-43595 CVE-2022-43596 CVE-2022-43597 CVE-2022-43598 CVE-2022-43599 CVE-2022-43600 CVE-2022-43601 CVE-2022-43602 CVE-2022-41639 CVE-2022-41649 CVE-2022-41684 CVE-2022-41794 CVE-2022-41837 CVE-2022-41838 CVE-2022-41977 CVE ...

Multiple security vulnerabilities have been discovered in OpenImageIO, a library for reading and writing images Buffer overflows and out-of-bounds read and write programming errors may lead to a denial of service (application crash) or the execution of arbitrary code if a malformed image file is processed For the stable distribution (bullseye), t ...

CWE-122 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1633 https://www.debian.org/security/2023/dsa-5384 https://security.gentoo.org/glsa/202305-33 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027143 https://nvd.nist.gov https://www.debian.org/security/2023/dsa-5384

CVE-2022-41639

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect