CVE-2022-43600

Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT16`
References
Link Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656 Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:openimageio_project:openimageio:2.4.4.2:*:*:*:*:*:*:*

Information

Published : 2022-12-22 14:15

Updated : 2022-12-30 13:28


NVD link : CVE-2022-43600

Mitre link : CVE-2022-43600


JSON object : View

CWE
CWE-122

Heap-based Buffer Overflow

Advertisement

dedicated server usa

Products Affected

openimageio_project

  • openimageio