CVE-2022-41794
Debian Security Advisory 5384-1
Public Exploits: 1
Exploited in Wild: -
Descriptions
A heap-based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Multiple security vulnerabilities have been discovered in OpenImageIO, a library for reading and writing images. Buffer overflows and out-of-bounds read and write programming errors may lead to a denial of service (application crash) or the execution of arbitrary code if a malformed image file is processed.
SSVC
- Decision:-
Timeline
- 2022-09-30 CVE Reserved
- 2022-12-22 CVE Published
- 2024-12-17 EPSS Updated
- 2025-02-13 CVE Updated
- 2025-02-13 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-122: Heap-based Buffer Overflow
- CWE-787: Out-of-bounds Write
References (4)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2023/08/msg00005.html | | |
https://security.gentoo.org/glsa/202305-33 | | |
https://www.debian.org/security/2023/dsa-5384 | Third Party Advisory | |
URL | Date | SRC |
---|---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1626 | 2025-02-13 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Openimageio | Openimageio | 2.3.19.0 | - | Affected |
Debian | Debian Linux | 11.0 | - | Affected |