CVE-2022-43603NULL Pointer Dereference in Openimageio

CWE-476NULL Pointer DereferenceCWE-59Link Following7 documents6 sources
Severity
5.9MEDIUMNVD
EPSS
0.2%
top 61.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
OpenimageioDebian OpenimageioOpenimageio Project Openimageio+8 more
Timeline
PublishedDec 22
Latest updateOct 8

Description

A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages11 packages

debiandebian/openimageio< openimageio 2.4.7.1+dfsg-2 (bookworm)
Debianopenimageio/openimageio< 2.2.10.1+dfsg-1+deb11u1+3

Also affects: Debian Linux 11.0

🔴Vulnerability Details

2
GHSA
GHSA-245j-8gjp-c4v5: A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v22022-12-23
OSV
CVE-2022-43603: A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v22022-12-22

📋Vendor Advisories

2
Microsoft
Visual Studio Collector Service Denial of Service Vulnerability2024-10-08
Debian
CVE-2022-43603: openimageio - A denial of service vulnerability exists in the ZfileOutput::close() functionali...2022

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: OpenImageIO file processing issues could lead to arbitrary code execution, sensitive information leak and denial of service2022-12-22
Talos
Vulnerability Spotlight: OpenImageIO file processing issues could lead to arbitrary code execution, sensitive information leak and denial of service2022-12-22