Vulnerability Details : CVE-2022-43595
Potential exploit
Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .fits files.
Vulnerability category: Denial of service
Products affected by CVE-2022-43595
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:openimageio:openimageio:2.4.4.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-43595
0.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 25 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-43595
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.9
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.2
|
3.6
|
NIST | |
|
5.9
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.2
|
3.6
|
Talos |
CWE ids for CVE-2022-43595
-
The product dereferences a pointer that it expects to be valid but is NULL.Assigned by: talos-cna@cisco.com (Primary)
References for CVE-2022-43595
-
https://security.gentoo.org/glsa/202305-33
OpenImageIO: Multiple Vulnerabilities (GLSA 202305-33) — Gentoo security
-
https://www.debian.org/security/2023/dsa-5384
Debian -- Security Information -- DSA-5384-1 openimageioThird Party Advisory
-
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653
Exploit;Third Party Advisory
Jump to