CVE-2022-43594
CVSS V2 None
CVSS V3 None
Description
Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .bmp files.
Overview
- CVE ID
- CVE-2022-43594
- Assigner
- talos-cna@cisco.com
- Vulnerability Status
- Undergoing Analysis
- Published Version
- 2022-12-22T22:15:16
- Last Modified Date
- 2023-04-11T04:16:04
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:a:openimageio_project:openimageio:2.4.4.2:*:*:*:*:*:*:* | 1 | OR |
References
Reference URL | Reference Tags |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653 | Exploit Third Party Advisory |
https://www.debian.org/security/2023/dsa-5384 |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-43594 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43594 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2022-12-22 23:15:33 | Added to TrackCVE | |||
2022-12-22 23:15:34 | Weakness Enumeration | new | ||
2022-12-23 04:15:31 | 2022-12-23T03:31:02 | CVE Modified Date | updated | |
2022-12-23 04:15:32 | Received | Awaiting Analysis | Vulnerability Status | updated |
2022-12-23 04:15:35 | CVSS V3 information | new | ||
2022-12-28 15:14:50 | Awaiting Analysis | Undergoing Analysis | Vulnerability Status | updated |
2022-12-28 15:14:53 | CVSS V3 information | new | ||
2022-12-30 14:14:36 | 2022-12-30T13:21:37 | CVE Modified Date | updated | |
2022-12-30 14:14:36 | Undergoing Analysis | Analyzed | Vulnerability Status | updated |
2022-12-30 14:14:37 | CPE Information | updated | ||
2022-12-30 14:14:37 | CVSS V3 information | new | ||
2023-03-31 12:14:18 | 2023-03-29T19:15:18 | CVE Modified Date | updated | |
2023-03-31 12:14:19 | Analyzed | Modified | Vulnerability Status | updated |
2023-04-04 22:16:17 | Modified | Undergoing Analysis | Vulnerability Status | updated |
2023-04-11 07:13:08 | 2023-04-11T04:16:04 | CVE Modified Date | updated | |
2023-04-11 07:13:12 | References | updated |