CVE-2022-41837

Name of the Vulnerable Software and Affected Versions OpenImageIO versions prior to the fixed version

Description The issue is related to the add exif item to spec function in the OpenImageIO library, which can lead to stack-based memory corruption when processing specially-crafted exif metadata. This can allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service using a maliciously crafted file. The vulnerability can be triggered by providing a malicious file with crafted exif metadata.

Recommendations For OpenImageIO versions prior to the fixed version, consider disabling the add exif item to spec function until a patch is available to prevent exploitation. Restrict access to files with potentially malicious exif metadata to minimize the risk of triggering this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.