First published: Thu Mar 30 2023(Updated: )
An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Openimageio Openimageio | =2.4.7.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-22845 is an out-of-bounds read vulnerability in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1 that can lead to information disclosure.
CVE-2023-22845 affects OpenImageIO version 2.4.7.1 where a specially crafted targa file can be used to trigger the vulnerability and lead to information disclosure.
CVE-2023-22845 has a severity level of 7.5 (high).
The CVE-2023-22845 vulnerability can be exploited by providing a malicious targa file to the OpenImageIO software.
There is no known fix for CVE-2023-22845 at the moment, it is recommended to update to a version that addresses this vulnerability once a fix is released.