5.9

CVE-2022-43595

Exploit

EPSS 0.15%
Veröffentlicht 22.12.2022 22:15:16
Zuletzt bearbeitet 21.11.2024 07:26:50
Quelle talos-cna@cisco.com
Teams Watchlist Login
Unerledigt Login

Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .fits files.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openimageio ≫ Openimageio Version2.4.4.2

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.36

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
talos-cna@cisco.com	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://security.gentoo.org/glsa/202305-33

https://www.debian.org/security/2023/dsa-5384

Third Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-43595

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-43595

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-43595

EUVD