CVE-2022-43595 — NULL Pointer Dereference in OpenImageIO
Severity
5.9 MEDIUM (NVD)
EPSS
0.1%
top 65.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 22
Latest update: Mar 30
Description
Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide multiple malicious inputs to trigger these vulnerabilities. This vulnerability applies to writing .fits files.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6
Affected Packages: 4 packages
Also affects: Debian Linux 11.0
Vulnerability Details
GHSA: GHSA-f7fg-v9hq-5m57: Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2 (2022-12-23)
OSV: CVE-2022-43595: Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2 (2022-12-22)
Vendor Advisories
Debian: CVE-2022-43595: openimageio - Multiple denial of service vulnerabilities exist in the image output closing fun... (2022)
Threat Intelligence
Talos: Vulnerability Spotlight: Specially crafted files could lead to denial of service, information disclosure in OpenImageIO parser (2023-03-30)
Talos: Vulnerability Spotlight: OpenImageIO file processing issues could lead to arbitrary code execution, sensitive information leak and denial of service (2022-12-22)