First published: Thu Dec 22 2022
Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide multiple malicious inputs to trigger these vulnerabilities. This vulnerability applies to writing .bmp files.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Openimageio Openimageio | =2.4.4.2 | |
Debian Debian Linux | =11.0 | |
debian/openimageio | <=2.0.5~dfsg0-1 | 2.0.5~dfsg0-1+deb10u2 2.2.10.1+dfsg-1+deb11u1 2.4.7.1+dfsg-2 2.4.14.0+dfsg-1 |
CVE-2022-43594 is a vulnerability in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2, which can be exploited by providing malicious inputs to trigger null pointer dereferences and result in denial of service.
The severity of CVE-2022-43594 is not specified in the provided information.
CVE-2022-43594 can be exploited by providing specially crafted ImageOutput Objects as inputs to trigger null pointer dereferences and cause denial of service.
OpenImageIO v2.0.5~dfsg0-1, v2.2.10.1+dfsg-1, v2.4.7.1+dfsg-2, and v2.4.13.0+dfsg-1 are affected by CVE-2022-43594.
To fix CVE-2022-43594, update the OpenImageIO package to version 2.0.5~dfsg0-1+deb10u2, 2.2.10.1+dfsg-1+deb11u1, 2.4.7.1+dfsg-2, or 2.4.13.0+dfsg-1 or later, as recommended by Debian.