CVE-2022-43594

Name of the Vulnerable Software and Affected Versions OpenImageIO version 2.4.4.2

Description The issue is related to denial of service vulnerabilities in the image output closing functionality. Specially crafted ImageOutput Objects can lead to null pointer dereferences. An attacker can trigger these vulnerabilities by providing malicious inputs, specifically when writing .bmp files. This can allow a remote attacker to cause a denial of service using a specially crafted file.

Recommendations For OpenImageIO version 2.4.4.2, consider disabling the image output closing functionality until a patch is available to prevent exploitation. Restrict access to writing .bmp files to minimize the risk of triggering the null pointer dereferences. Avoid using specially crafted ImageOutput Objects that can lead to these vulnerabilities. At the moment, there is no information about a newer version that contains a fix for this vulnerability.