CVE-2022-43595
CVSS V2 None
CVSS V3 None
Description
Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .fits files.
Overview
- CVE ID
- CVE-2022-43595
- Assigner
- talos-cna@cisco.com
- Vulnerability Status
- Undergoing Analysis
- Published Version
- 2022-12-22T22:15:16
- Last Modified Date
- 2023-04-11T04:16:04
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:openimageio_project:openimageio:2.4.4.2:*:*:*:*:*:*:* | 1 | OR |
References
| Reference URL | Reference Tags |
|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653 | Exploit Third Party Advisory |
| https://www.debian.org/security/2023/dsa-5384 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-43595 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43595 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-12-22 23:15:37 | Added to TrackCVE | |||
| 2022-12-22 23:15:38 | Weakness Enumeration | new | ||
| 2022-12-23 04:15:32 | 2022-12-23T03:31:02 | CVE Modified Date | updated | |
| 2022-12-23 04:15:32 | Received | Awaiting Analysis | Vulnerability Status | updated |
| 2022-12-23 04:15:35 | CVSS V3 information | new | ||
| 2022-12-28 15:14:50 | Awaiting Analysis | Undergoing Analysis | Vulnerability Status | updated |
| 2022-12-28 15:14:54 | CVSS V3 information | new | ||
| 2022-12-30 14:14:36 | 2022-12-30T13:20:02 | CVE Modified Date | updated | |
| 2022-12-30 14:14:36 | Undergoing Analysis | Analyzed | Vulnerability Status | updated |
| 2022-12-30 14:14:37 | CPE Information | updated | ||
| 2022-12-30 14:14:37 | CVSS V3 information | new | ||
| 2023-03-31 12:14:19 | 2023-03-29T19:15:18 | CVE Modified Date | updated | |
| 2023-03-31 12:14:19 | Analyzed | Modified | Vulnerability Status | updated |
| 2023-04-04 22:16:17 | Modified | Undergoing Analysis | Vulnerability Status | updated |
| 2023-04-11 07:13:14 | 2023-04-11T04:16:04 | CVE Modified Date | updated | |
| 2023-04-11 07:13:18 | References | updated |