PT-2022-7115 · Unknown+1 · Openimageio+1

Lilith >_>

Published 2022-10-19 · Updated 2024-06-15 · CVE-2022-41684

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: OpenImageIO master-branch-9aeece7a

Description: The issue is a heap out-of-bounds read vulnerability in OpenImageIO when parsing the image file directory part of a PSD image file. A specially crafted .psd file can cause a read of an arbitrary memory address, leading to denial of service. An attacker can provide a malicious file to trigger this vulnerability.

Recommendations: As a temporary workaround, consider disabling the parsing of PSD image files until a patch is available. Restrict access to the vulnerable OpenImageIO master-branch-9aeece7a to minimize the risk of exploitation. Avoid using the OpenImageIO library to parse .psd files in the affected version until the issue is resolved.

Exploit

Fix

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

BDU:2023-07634
CVE-2022-41684
DLA-3518-1
DSA-5384-1
MGASA-2023-0151
OPENSUSE-SU-2024:12477-1

Affected Products

Astra Linux
Openimageio