CVE-2022-41981: Buffer Overflow
First published: Thu Dec 22 2022(Updated: )
A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead to out of bounds read and write on the process stack, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Credit: talos-cna@cisco.com talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openimageio Openimageio | =2.3.19.0 | |
| Debian Debian Linux | =11.0 | |
| debian/openimageio | <=2.0.5~dfsg0-1 | 2.0.5~dfsg0-1+deb10u2 2.2.10.1+dfsg-1+deb11u1 2.4.7.1+dfsg-2 2.4.14.0+dfsg-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-41981.
What is the severity of CVE-2022-41981?
The severity of CVE-2022-41981 is high.
What is the affected software?
The affected software is OpenImageIO v2.3.19.0 and Debian Linux 11.0.
How does the vulnerability in OpenImageIO v2.3.19.0 occur?
The vulnerability in OpenImageIO v2.3.19.0 occurs due to a stack-based buffer overflow in the TGA file format parser.
What is the risk of CVE-2022-41981?
The risk of CVE-2022-41981 is arbitrary code execution.
- collector/nvd-index
- collector/security-tracker-debian
- agent/author
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/weakness
- agent/references
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- vendor/openimageio
- canonical/openimageio openimageio
- version/openimageio openimageio/2.3.19.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/11.0
- package-manager/debian