CVE-2022-41649

Name of the Vulnerable Software and Affected Versions OpenImageIO version 2.3.19.0

Description A heap out of bounds read issue exists in the handling of IPTC data while parsing TIFF images. This can be triggered by a specially-crafted TIFF file, causing a read of adjacent heap memory and potentially leaking sensitive process information. An attacker can exploit this by providing a malicious file.

Recommendations For OpenImageIO version 2.3.19.0, consider avoiding the use of TIFF images or restricting access to the image parsing functionality until a patch is available. As a temporary workaround, refrain from processing untrusted TIFF files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.