CVE-2022-43592

Name of the Vulnerable Software and Affected Versions OpenImageIO version 2.4.4.2

Description An information disclosure issue exists in the DPXOutput::close() functionality. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this issue, potentially allowing a remote attacker to access confidential data using a specially created file.

Recommendations For OpenImageIO version 2.4.4.2, consider disabling the DPXOutput::close() functionality until a patch is available to prevent potential information disclosure. Restrict access to the DPXOutput component to minimize the risk of exploitation. Avoid using specially crafted ImageOutput Objects in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.