PT-2022-7119 · Unknown+2 · Openimageio+2

Lilith >_>

Published

2022-02-07

Updated

2024-06-15

CVE-2023-24472

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions OpenImageIO version 2.4.7.1

Description A denial of service issue exists in the FitsOutput::close() functionality of OpenImageIO, related to uncontrolled recursion. This can be triggered by a specially crafted ImageOutput Object, allowing a remote attacker to cause a denial of service with a maliciously created image file. An attacker can provide malicious input to trigger this vulnerability.

Recommendations For OpenImageIO version 2.4.7.1, consider disabling the FitsOutput::close() function until a patch is available to prevent exploitation. Restrict access to the ImageOutput object to minimize the risk of denial of service attacks. Avoid using specially crafted image files that could trigger this issue until the vulnerability is resolved.

Exploit

Fix

DoS

Uncontrolled Recursion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-674

Related Identifiers

BDU:2023-07641

CVE-2023-24472

DLA-3518-1

MGASA-2023-0151

OPENSUSE-SU-2024:12693-1

Affected Products

Astra Linux

Debian

Openimageio

PT-2022-7119 · Unknown+2 · Openimageio+2

CVE-2023-24472

Weakness Enumeration

Related Identifiers

Affected Products

References · 29