CVE-2022-41999

Published: 22/12/2022 | Updated: 30/05/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.

Vulnerable Product

openimageio openimageio 2.3.19.0

openimageio openimageio 2.4.4.2

debian debian linux 11.0

Vendor Advisories

Debian Bug report logs - #1027808 openimageio: CVE-2022-43603 CVE-2022-41999 Package: src:openimageio; Maintainer for src:openimageio is Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 3 Jan 2023 15:42:02 UTC; Severity: importan ...
Multiple security vulnerabilities have been discovered in OpenImageIO, a library for reading and writing images. Buffer overflows and out-of-bounds read and write programming errors may lead to a denial of service (application crash) or the execution of arbitrary code if a malformed image file is processed. For the stable distribution (bullseye), t ...