VDB
CVE-2022-43603
CVE-2022-43603
PUBLISHED
CVSS 5.900000095367432 MEDIUM
A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.
EPSS 0.72% · 73.0th percentile
Risk Scores
CVSS 3.0
5.900000095367432
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.72%
73.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| openimageio | openimageio | 2.4.4.2 |
| OpenImageIO Project | OpenImageIO | v2.4.4.2 |
| debian | debian_linux | 11.0 |
Timeline
- Dec 22, 2022 CVE Published
- Dec 23, 2022 EPSS Score
- Feb 3, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 16, 2023 EPSS Score
- Jun 7, 2023 EPSS Score
- Jul 19, 2023 EPSS Score
- Aug 29, 2023 EPSS Score
- Oct 10, 2023 EPSS Score
- Nov 20, 2023 EPSS Score
- Jan 1, 2024 EPSS Score
- Feb 11, 2024 EPSS Score
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1657 url
- https://www.debian.org/security/2023/dsa-5384 url
- https://security.gentoo.org/glsa/202305-33 url
- https://nvd.nist.gov/vuln/detail/CVE-2022-43603 advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLUXEL7AB2S5ACSDCHG67GEZHUYZBR5O url