CVE-2022-43595

EUVD-2022-46591
Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .fits files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
talosCNA
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
openimageioopenimageio
2.4.4.2
debiandebian_linux
11.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openimageio
bookworm
2.4.7.1+dfsg-2
fixed
bullseye
2.2.10.1+dfsg-1+deb11u1
fixed
bullseye (security)
2.2.10.1+dfsg-1+deb11u1
fixed
sid
2.5.16.0+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openimageio
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
ignored
xenial
needs-triage
Common Weakness Enumeration
References
https://security.gentoo.org/glsa/202305-33
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653
https://www.debian.org/security/2023/dsa-5384
https://security.gentoo.org/glsa/202305-33
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653
https://www.debian.org/security/2023/dsa-5384