CVE-2022-43598

Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT16`.
References
Link Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655 Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:openimageio_project:openimageio:2.4.4.2:*:*:*:*:*:*:*

Information

Published : 2022-12-22 14:15

Updated : 2022-12-30 13:29


NVD link : CVE-2022-43598

Mitre link : CVE-2022-43598


JSON object : View

CWE
CWE-122

Heap-based Buffer Overflow

Advertisement

dedicated server usa

Products Affected

openimageio_project

  • openimageio