VDB

CVE-2022-41988

CVE-2022-41988 PUBLISHED CVSS 5.300000190734863 MEDIUM

An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.

EPSS 0.52% · 67.2th percentile

Risk Scores

CVSS 3.0
5.300000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.52%
67.2th percentile

Affected Products

VendorProductVersions
OpenImageIO ProjectOpenImageIOv2.3.19.0
debiandebian_linux11.0
openimageioopenimageio2.3.19.0

Timeline

  • Dec 22, 2022 CVE Published
  • Dec 23, 2022 EPSS Score
  • Dec 28, 2022 EPSS Score
  • Dec 31, 2022 EPSS Score
  • Feb 3, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 16, 2023 EPSS Score
  • Apr 27, 2023 EPSS Score
  • Jun 7, 2023 EPSS Score
  • Jul 19, 2023 EPSS Score
  • Aug 29, 2023 EPSS Score
  • Oct 10, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›