CVE-2022-41684
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A heap out of bounds read vulnerability exists in the OpenImageIO master-branch-9aeece7a when parsing the image file directory part of a PSD image file. A specially-crafted .psd file can cause a read of arbitrary memory address which can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.
Existe una vulnerabilidad de lectura fuera de los límites en OpenImageIO master-branch-9aeece7a al analizar la parte del directorio de archivos de imagen de un archivo de imagen PSD. Un archivo .psd especialmente manipulado puede provocar una lectura de una dirección de memoria arbitraria, lo que puede provocar una Denegación de Servicio (DoS). Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-09-30 CVE Reserved
- 2022-12-22 CVE Published
- 2024-08-12 EPSS Updated
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2023/08/msg00005.html |
|
|
| https://security.gentoo.org/glsa/202305-33 |
|
|
| https://www.debian.org/security/2023/dsa-5384 |
|
| URL | Date | SRC |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2022-1632 | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openimageio Search vendor "Openimageio" | Openimageio Search vendor "Openimageio" for product "Openimageio" | 2022-09-14 Search vendor "Openimageio" for product "Openimageio" and version "2022-09-14" | - |
Affected
| ||||||