CVE-2022-43598
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT16`.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2022-10-21 CVE Reserved
- 2022-12-22 CVE Published
- 2024-09-10 EPSS Updated
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-122: Heap-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://security.gentoo.org/glsa/202305-33 | | |
https://www.debian.org/security/2023/dsa-5384 | Third Party Advisory | |
URL | Date | SRC |
---|---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655 | 2024-09-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Openimageio | Openimageio | 2.4.4.2 | - | Affected |
Debian | Debian Linux | 11.0 | - | Affected |