CVE-2022-41639

CVSS 9.8 CRITICALEPSS 1.8%CWE-122

A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

OpenImageIO Project · OpenImageIO

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://security.gentoo.org/glsa/202305-33 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1633 https://www.debian.org/security/2023/dsa-5384