Vulnerability Description
A heap out of bounds read vulnerability exists in the OpenImageIO master-branch-9aeece7a when parsing the image file directory part of a PSD image file. A specially-crafted .psd file can cause a read of arbitrary memory address which can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openimageio | Openimageio | 2022-09-14 |
Related Weaknesses (CWE)
References
- https://lists.debian.org/debian-lts-announce/2023/08/msg00005.html
- https://security.gentoo.org/glsa/202305-33
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1632ExploitThird Party Advisory
- https://www.debian.org/security/2023/dsa-5384
- https://lists.debian.org/debian-lts-announce/2023/08/msg00005.html
- https://security.gentoo.org/glsa/202305-33
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1632ExploitThird Party Advisory
- https://www.debian.org/security/2023/dsa-5384
FAQ
What is CVE-2022-41684?
CVE-2022-41684 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A heap out of bounds read vulnerability exists in the OpenImageIO master-branch-9aeece7a when parsing the image file directory part of a PSD image file. A specially-crafted .psd file can cause a read ...
How severe is CVE-2022-41684?
CVE-2022-41684 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-41684?
Check the references section above for vendor advisories and patch information. Affected products include: Openimageio Openimageio.