CVE-2022-43596

An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:openimageio:openimageio:2.4.4.2:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:26

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de divulgación de información en la funcionalidad de entrelazado del canal IFFOutput de OpenImageIO Project OpenImageIO v2.4.4.2. Un objeto ImageOutput especialmente manipulado puede provocar la filtración de datos del montón. Un atacante puede proporcionar información maliciosa para desencadenar esta vulnerabilidad.
References () https://security.gentoo.org/glsa/202305-33 - () https://security.gentoo.org/glsa/202305-33 -
References () https://talosintelligence.com/vulnerability_reports/TALOS-2022-1654 - Exploit, Third Party Advisory () https://talosintelligence.com/vulnerability_reports/TALOS-2022-1654 - Exploit, Third Party Advisory
References () https://www.debian.org/security/2023/dsa-5384 - Third Party Advisory () https://www.debian.org/security/2023/dsa-5384 - Third Party Advisory

Information

Published : 2022-12-22 22:15

Updated : 2024-11-21 07:26


NVD link : CVE-2022-43596

Mitre link : CVE-2022-43596

CVE.ORG link : CVE-2022-43596


JSON object : View

Products Affected

debian

  • debian_linux

openimageio

  • openimageio
CWE
CWE-125

Out-of-bounds Read