PT-2022-6800 · Unknown+1 · Openimageio+1

Lilith >_>

Published

2022-10-19

Updated

2024-06-15

CVE-2022-41838

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions OpenImageIO version 2.4.4.2

Description A code execution issue exists in the DDS scanline parsing functionality, which can lead to a heap buffer overflow when a specially-crafted .dds file is provided. This can allow an attacker to trigger the issue, potentially leading to access to confidential data, disruption of data integrity, and denial of service.

Recommendations For version 2.4.4.2, consider disabling the DDS scanline parsing functionality until a patch is available to prevent exploitation. Restrict access to the vulnerable functionality to minimize the risk of exploitation. Avoid using specially-crafted .dds files in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Memory Corruption

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-122

Related Identifiers

BDU:2023-04794

CVE-2022-41838

DLA-3382-1

DSA-5384-1

MGASA-2023-0151

OPENSUSE-SU-2024:12477-1

Affected Products

Astra Linux

Openimageio

PT-2022-6800 · Unknown+1 · Openimageio+1

CVE-2022-41838

Weakness Enumeration

Related Identifiers

Affected Products

References · 38