CVE-2022-41838

A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:openimageio:openimageio:2.4.4.2:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:23

Type Values Removed Values Added
References () https://security.gentoo.org/glsa/202305-33 - () https://security.gentoo.org/glsa/202305-33 -
References () https://talosintelligence.com/vulnerability_reports/TALOS-2022-1634 - Exploit, Third Party Advisory () https://talosintelligence.com/vulnerability_reports/TALOS-2022-1634 - Exploit, Third Party Advisory
References () https://www.debian.org/security/2023/dsa-5384 - Third Party Advisory () https://www.debian.org/security/2023/dsa-5384 - Third Party Advisory
Summary
  • (es) Existe una vulnerabilidad de ejecución de código en la funcionalidad de análisis de línea de exploración DDS de OpenImageIO Project OpenImageIO v2.4.4.2. Un .dds especialmente manipulado puede provocar un desbordamiento de búfer de almacenamiento dinámico. Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad.

Information

Published : 2022-12-22 22:15

Updated : 2024-11-21 07:23


NVD link : CVE-2022-41838

Mitre link : CVE-2022-41838

CVE.ORG link : CVE-2022-41838


JSON object : View

Products Affected

debian

  • debian_linux

openimageio

  • openimageio
CWE
CWE-122

Heap-based Buffer Overflow

CWE-787

Out-of-bounds Write