CVE-2022-43594

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-43594

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-43594.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-43594

Related

Published

2022-12-22T22:15:16Z

Modified

2024-09-18T03:22:06.427342Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .bmp files.

References

Affected packages

Debian:11 / openimageio

Package

Name: openimageio
Purl: pkg:deb/debian/openimageio?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.10.1+dfsg-1+deb11u1

Affected versions

2.*

2.2.10.1+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / openimageio

Package

Name: openimageio
Purl: pkg:deb/debian/openimageio?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.7.1+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/openimageio/oiio

Affected ranges

Type: GIT
Repo: https://github.com/openimageio/oiio
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

4327cd8560b92965eb3679dd860620ac000cea24

Affected versions

Arnold-3.*

Arnold-3.4.72.0

Release-0.*

Release-0.10.0

Release-1.*

Release-1.0.0

Release-1.0.1

Release-1.1.0

Release-1.1.0-beta1

Release-1.1.0-beta2

Release-1.1.0-beta3

Release-1.1.0-beta4

Release-1.1.1

Release-1.3.0-dev

Release-1.3.1-dev

Release-1.3.2-dev

Release-1.3.3-dev

Release-1.3.4-dev

Release-1.3.5

Release-1.3.5-dev

Release-1.3.6-dev

Release-1.4.1dev

Release-1.4.2dev

Release-1.4.3dev

Release-1.4.4dev

Release-1.4.5dev

Release-1.4.6RC1

Release-1.5.0dev

Release-1.5.1dev

Release-1.5.2dev

Release-1.5.3dev

Release-1.5.4dev-pre-SIMD

Release-1.5.5dev

Release-1.5.6dev

Release-1.5.7dev

Release-1.6.1dev

Release-1.6.2dev

Release-1.6.3dev

Release-1.6.4dev

Release-1.6.6beta

Release-1.7.0dev

Release-1.7.1dev

Release-1.7.2dev

Release-1.7.3dev

Release-1.7.4dev

Release-1.7.5beta

Release-1.7.6RC1

Release-1.8.0dev

Release-1.8.1dev

Release-1.8.2dev

Release-1.8.3dev

Release-1.8.4dev

Release-1.9.1dev

Release-1.9.2dev

Release-1.9.3dev

Release-1.9.4dev

Release-2.*

Release-2.0.0-beta1

Release-2.0.1-RC1

Release-2.1.0-dev

Release-2.1.1-dev

Release-2.1.2-dev

Release-2.1.3-dev

Release-2.1.4.0-dev

Release-2.1.5.0-dev

Release-2.1.7-beta

Release-2.1.8.0-RC1

Release-2.2.0.0-dev

Release-2.2.1.0-dev

Release-2.2.1.1-dev

Release-2.2.2.0-dev

Release-2.2.3.0-dev

Release-2.3.0.0-dev

Release-2.3.1.0-dev

Release-2.3.2.0-dev

Release-2.3.3.0-dev

Release-2.3.4.0-dev

arnold-3.*

arnold-3.4.71.0

spi-Arn3.*

spi-Arn3.4.71.0

spi-Arn3.4.72.0

spi-Arn3.4.73.6

spi-Arn3.4.73.7

spi-Arn3.5.0.0

spi-Arn3.5.10.0

spi-Arn3.5.11.0

spi-Arn3.5.12.0

spi-Arn3.5.13.1

spi-Arn3.5.14.0

spi-Arn3.5.16.0

spi-Arn3.5.2.0

spi-Arn3.5.24.0

spi-Arn3.5.25.0

spi-Arn3.5.26.0

spi-Arn3.5.28.0

spi-Arn3.5.31.0

spi-Arn3.5.35.0

spi-Arn3.5.37.0

spi-Arn3.5.41.0

spi-Arn3.5.45.0

spi-Arn3.5.45.1

spi-Arn3.5.48.0

spi-Arn3.5.5.0

spi-Arn3.5.50.0

spi-Arn3.5.66.0

spi-Arn3.5.68.0

spi-Arn3.5.75.0

spi-Arn3.5.8.0

spi-Arn3.5.82.0

spi-Arn3.5.90.0

spi-Arn3.5.91.0

spi-Arn3.5.93.10

spi-Arn3.6.18.0

spi-Arn3.6.21.3

spi-Arn3.6.27.0

spi-Arn3.6.33.4

spi-Arn3.6.36.0

spi-Arn3.6.64.6

spi-Arn3.6.69.3

spi-Arn3.6.7.1

spi-Arn3.6.72.1

spi-Arn3.7.23.3

spi-Arn3.7.25.0

spi-Arn3.7.42.0

Other

spi-SpComp2-v20

spi-SpComp2-v9

spi-spcomp2-release-38.*

spi-spcomp2-release-38.0

spi-spcomp2-release-39.*

spi-spcomp2-release-39.1

spi-spcomp2-release-41.*

spi-spcomp2-release-41.0

spi-spcomp2-release-42.*

spi-spcomp2-release-42.0-rhel7

spi-spcomp2-release-43.*

spi-spcomp2-release-43.0

spi-spcomp2-release-44.*

spi-spcomp2-release-44.0

spi-spcomp2-release-44.1

spi-spcomp2-release-44.2

spi-spcomp2-release-45.*

spi-spcomp2-release-45.0

spi-spcomp2-release-45.1

spi-spcomp2-release-45.3

spi-spcomp2-release-45.4

spi-spcomp2-release-47.*

spi-spcomp2-release-47.0

spi-spcomp2-release-48.*

spi-spcomp2-release-48.0

spi-spcomp2-release-49.*

spi-spcomp2-release-49.1

spi-v7-Arn3.*

spi-v7-Arn3.4.73.3

spi-v8-Arn3.*

spi-v8-Arn3.4.73.6

spiArn-3.*

spiArn-3.6.74.0

spiArn-3.6.84.0

spiArn-3.6.86.0

spiArn-3.6.94.0

spiArn3.*

spiArn3.5.45.0

spiArn3.5.45.1

spiArn3.5.48.0

spiArn3.5.50.0

spiArn3.5.66.0

spiArn3.5.68.0

spiArn3.5.75.0

spiArn3.5.82.0

v2.*

v2.3.5.0-dev

v2.3.6.0-dev

v2.4.0.0-dev

v2.4.0.1-dev

v2.4.0.2-dev

v2.4.0.3-dev

v2.4.1.1-dev

v2.4.2.0-dev

v2.4.2.1-dev

v2.4.2.2-dev

v2.4.3.0-RC1

v2.4.3.0-beta

v2.4.4.0-RC2

v2.4.4.1

v2.4.4.2