CVE-2022-43593

Name of the Vulnerable Software and Affected Versions OpenImageIO version 2.4.4.2

Description A denial of service issue exists in the DPXOutput::close() functionality of OpenImageIO. This is due to errors in pointer dereferencing. An attacker can trigger this issue by providing malicious input, specifically a specially crafted ImageOutput Object, which can lead to a null pointer dereference. This allows a remote attacker to cause a denial of service using a specially crafted file.

Recommendations For OpenImageIO version 2.4.4.2, consider disabling the DPXOutput::close() functionality until a patch is available to prevent exploitation. Restrict access to the DPXOutput component to minimize the risk of triggering the null pointer dereference. Avoid using specially crafted ImageOutput Objects that could lead to this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.