Published: 22/12/2022 Updated: 30/05/2023

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 0

An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openimageio openimageio 2.4.4.2
debian debian linux 11.0

Debian Bug report logs - #1027143 penimageio: CVE-2022-36354 CVE-2022-38143 CVE-2022-43592 CVE-2022-43593 CVE-2022-43594 CVE-2022-43595 CVE-2022-43596 CVE-2022-43597 CVE-2022-43598 CVE-2022-43599 CVE-2022-43600 CVE-2022-43601 CVE-2022-43602 CVE-2022-41639 CVE-2022-41649 CVE-2022-41684 CVE-2022-41794 CVE-2022-41837 CVE-2022-41838 CVE-2022-41977 CVE ...

Multiple security vulnerabilities have been discovered in OpenImageIO, a library for reading and writing images Buffer overflows and out-of-bounds read and write programming errors may lead to a denial of service (application crash) or the execution of arbitrary code if a malformed image file is processed For the stable distribution (bullseye), t ...

CWE-125 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1651 https://www.debian.org/security/2023/dsa-5384 https://security.gentoo.org/glsa/202305-33 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027143 https://www.debian.org/security/2023/dsa-5384 https://nvd.nist.gov

CVE-2022-43592

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect