First published: Thu Dec 22 2022(Updated: )
An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Openimageio Openimageio | =2.3.19.0 | |
Debian Debian Linux | =11.0 | |
debian/openimageio | <=2.0.5~dfsg0-1 | 2.0.5~dfsg0-1+deb10u2 2.2.10.1+dfsg-1+deb11u1 2.4.7.1+dfsg-2 2.4.14.0+dfsg-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-41988 is an information disclosure vulnerability in the OpenImageIO Project OpenImageIO v2.3.19.0.
CVE-2022-41988 can be triggered by a specially-crafted TIFF file, which can lead to a disclosure of sensitive information.
OpenImageIO versions 2.0.5~dfsg0-1, 2.2.10.1+dfsg-1, 2.4.7.1+dfsg-2, and 2.4.13.0+dfsg-1 are affected by CVE-2022-41988.
To fix CVE-2022-41988, update OpenImageIO to versions 2.0.5~dfsg0-1+deb10u2, 2.2.10.1+dfsg-1+deb11u1, 2.4.7.1+dfsg-2, or 2.4.13.0+dfsg-1 or later.
You can find more information about CVE-2022-41988 at the Talos Intelligence vulnerability report and the related GitHub commits and pull request.