CVE-2022-43598

{"id": "CVE-2022-43598", "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2022-12-22T22:15:16.470", "references": [{"url": "https://security.gentoo.org/glsa/202305-33", "source": "[email protected]"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.debian.org/security/2023/dsa-5384", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://security.gentoo.org/glsa/202305-33", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.debian.org/security/2023/dsa-5384", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-122"}]}, {"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT16`."}, {"lang": "es", "value": "Existen m\u00faltiples vulnerabilidades de corrupci\u00f3n de memoria en la funcionalidad de relleno de alineaci\u00f3n IFFOutput de OpenImageIO Project OpenImageIO v2.4.4.2. Un objeto ImageOutput especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede proporcionar informaci\u00f3n maliciosa para desencadenar estas vulnerabilidades. Esta vulnerabilidad surge cuando `m_spec.format` es `TypeDesc::UINT16`."}], "lastModified": "2024-11-21T07:26:51.300", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openimageio:openimageio:2.4.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68FA2862-ED3E-4743-AFB0-0D23977A805D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}