CVE-2022-43598
https://notcve.org/view.php?id=CVE-2022-43598
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT16`. • https://security.gentoo.org/glsa/202305-33 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655 https://www.debian.org/security/2023/dsa-5384 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write
CVE-2022-43597
https://notcve.org/view.php?id=CVE-2022-43597
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT8`. • https://security.gentoo.org/glsa/202305-33 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655 https://www.debian.org/security/2023/dsa-5384 • CWE-122: Heap-based Buffer Overflow
CVE-2022-43596
https://notcve.org/view.php?id=CVE-2022-43596
An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability. • https://security.gentoo.org/glsa/202305-33 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1654 https://www.debian.org/security/2023/dsa-5384 • CWE-125: Out-of-bounds Read
CVE-2022-43595
https://notcve.org/view.php?id=CVE-2022-43595
Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide multiple malicious inputs to trigger these vulnerabilities. This vulnerability applies to writing .fits files. • https://security.gentoo.org/glsa/202305-33 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653 https://www.debian.org/security/2023/dsa-5384 • CWE-476: NULL Pointer Dereference
CVE-2022-43594
https://notcve.org/view.php?id=CVE-2022-43594
Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide multiple malicious inputs to trigger these vulnerabilities. This vulnerability applies to writing .bmp files. • https://security.gentoo.org/glsa/202305-33 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653 https://www.debian.org/security/2023/dsa-5384 • CWE-476: NULL Pointer Dereference