First published: Thu Dec 22 2022(Updated: )
A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Openimageio Openimageio | =2.3.19.0 | |
Debian Debian Linux | =11.0 | |
debian/openimageio | <=2.0.5~dfsg0-1 | 2.0.5~dfsg0-1+deb10u2 2.2.10.1+dfsg-1+deb11u1 2.4.7.1+dfsg-2 2.4.14.0+dfsg-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-41639
The severity of CVE-2022-41639 is critical, with a CVSS score of 9.8.
The affected software for CVE-2022-41639 is OpenImageIO version 2.3.19.0 and Debian Linux version 11.0.
CVE-2022-41639 can lead to an out-of-bounds memory corruption, which can result in arbitrary code execution.
Yes, you can find references for CVE-2022-41639 at the following links: 1. [Gentoo GLSA-202305-33](https://security.gentoo.org/glsa/202305-33) 2. [Talos Intelligence Vulnerability Report](https://talosintelligence.com/vulnerability_reports/TALOS-2022-1633) 3. [Debian Security Advisory DSA-5384](https://www.debian.org/security/2023/dsa-5384)