First published: Thu Dec 22 2022(Updated: )
Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .fits files.
Credit: talos-cna@cisco.com talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Openimageio Openimageio | =2.4.4.2 | |
Debian Debian Linux | =11.0 | |
debian/openimageio | <=2.0.5~dfsg0-1 | 2.0.5~dfsg0-1+deb10u2 2.2.10.1+dfsg-1+deb11u1 2.4.7.1+dfsg-2 2.4.14.0+dfsg-1 |
=2.4.4.2 | ||
=11.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-43595 is a vulnerability that exists in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2.
The severity of CVE-2022-43595 is not specified in the provided information.
CVE-2022-43595 can be exploited by providing specially crafted ImageOutput Objects that can lead to multiple null pointer dereferences, causing denial of service.
OpenImageIO versions 2.0.5~dfsg0-1+deb10u2, 2.2.10.1+dfsg-1+deb11u1, 2.4.7.1+dfsg-2, and 2.4.13.0+dfsg-1 are affected by CVE-2022-43595.
To fix CVE-2022-43595, update your OpenImageIO installation to a version that includes the necessary patches or remediation provided by Debian.