VDB

CVE-2022-43594

CVE-2022-43594 PUBLISHED CVSS 5.900000095367432 MEDIUM

Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .bmp files.

EPSS 0.72% · 72.8th percentile

Risk Scores

CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.72%
72.8th percentile

Affected Products

VendorProductVersions
openimageioopenimageio2.4.4.2
OpenImageIO ProjectOpenImageIOv2.4.4.2
debiandebian_linux11.0

Timeline

  • Dec 22, 2022 CVE Published
  • Dec 23, 2022 EPSS Score
  • Dec 30, 2022 CVE Updated
  • Feb 3, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 16, 2023 EPSS Score
  • Apr 27, 2023 EPSS Score
  • Jun 7, 2023 EPSS Score
  • Jul 19, 2023 EPSS Score
  • Aug 29, 2023 EPSS Score
  • Nov 20, 2023 EPSS Score
  • Jan 1, 2024 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›