CVE-2022-43599

Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8`
References
Link Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656 Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:openimageio_project:openimageio:2.4.4.2:*:*:*:*:*:*:*

Information

Published : 2022-12-22 14:15

Updated : 2022-12-30 13:29


NVD link : CVE-2022-43599

Mitre link : CVE-2022-43599


JSON object : View

CWE
CWE-122

Heap-based Buffer Overflow

Advertisement

dedicated server usa

Products Affected

openimageio_project

  • openimageio