CVE-2022-41981

CVSS V2 None CVSS V3 None
Description
A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead to out of bounds read and write on the process stack, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Overview
  • CVE ID
  • CVE-2022-41981
  • Assigner
  • talos-cna@cisco.com
  • Vulnerability Status
  • Undergoing Analysis
  • Published Version
  • 2022-12-22T22:15:15
  • Last Modified Date
  • 2023-04-11T04:16:03
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:openimageio_project:openimageio:2.3.19.0:*:*:*:*:*:*:* 1 OR
History
Created Old Value New Value Data Type Notes
2022-12-22 23:15:27 Added to TrackCVE
2022-12-22 23:15:28 Weakness Enumeration new
2022-12-23 04:15:31 2022-12-23T03:31:02 CVE Modified Date updated
2022-12-23 04:15:31 Received Awaiting Analysis Vulnerability Status updated
2022-12-23 04:15:34 CVSS V3 information new
2022-12-28 16:17:00 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2022-12-28 16:17:04 CVSS V3 information new
2022-12-30 17:14:31 2022-12-30T16:23:52 CVE Modified Date updated
2022-12-30 17:14:31 Undergoing Analysis Analyzed Vulnerability Status updated
2022-12-30 17:14:33 CPE Information updated
2022-12-30 17:14:33 CVSS V3 information new
2023-01-01 08:14:33 2023-01-01T07:15:09 CVE Modified Date updated
2023-01-01 08:14:33 Analyzed Modified Vulnerability Status updated
2023-01-01 08:14:34 References updated
2023-01-01 08:14:34 CVSS V3 information new
2023-01-05 19:15:53 Modified Undergoing Analysis Vulnerability Status updated
2023-01-05 19:15:56 CVSS V3 information new
2023-01-06 14:16:52 2023-01-06T14:09:40 CVE Modified Date updated
2023-01-06 14:16:52 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-06 14:16:55 CVSS V3 information new
2023-02-01 19:14:17 2023-02-01T18:15:09 CVE Modified Date updated
2023-02-01 19:14:17 Analyzed Undergoing Analysis Vulnerability Status updated
2023-02-01 19:14:19 CVSS V3 information new
2023-02-06 18:13:57 CVSS V3 information new
2023-02-28 16:13:21 2023-02-28T15:37:59 CVE Modified Date updated
2023-02-28 16:13:21 Undergoing Analysis Analyzed Vulnerability Status updated
2023-02-28 16:13:22 Weakness Enumeration update
2023-02-28 16:13:22 CVSS V3 information new
2023-04-04 22:16:00 Analyzed Undergoing Analysis Vulnerability Status updated
2023-04-04 22:16:04 CVSS V3 information new
2023-04-11 07:13:08 2023-04-11T04:16:03 CVE Modified Date updated
2023-04-11 07:13:12 CVSS V3 information new