Lucene search
China National Vulnerability DatabaseCNVD-2023-01796HistoryDec 23, 2022 - 12:00 a.m.
OpenImageIO Heap Out-of-Bounds Read Vulnerability (CNVD-2023-01796)
2022-12-2300:00:00
China National Vulnerability Database
www.cnvd.org.cn
13
openimageio
heap
out-of-bounds read
vulnerability
iptc data
tiff files
process information disclosure
cnvd-2023-01796
0.002 Low
EPSS
Percentile
53.7%
OpenImageIO is an image read and write library that also provides several tools and applications. OpenImageIO v2.3.19.0 suffers from a heap out-of-bounds read vulnerability when processing IPTC data. An attacker could exploit this vulnerability to read heap memory via specially crafted TIFF files, which could lead to sensitive process information disclosure.
| CPE | Name | Operator | Version |
|---|---|---|---|
| openimageio openimageio 2. | eq | 3.19.0 |
Related
talos
talos
OpenImageIO TIFF file IPTC data information disclosure vulnerability
2022-12-22 00:00:00
cve
cve
CVE-2022-41649
2022-12-22 22:15:14
osv
osv
CVE-2022-41649
2022-12-22 22:15:14
openimageio - security update
2023-08-07 00:00:00
openimageio - security update
2023-04-10 00:00:00
ubuntucve
ubuntucve
CVE-2022-41649
2022-12-22 00:00:00
nvd
nvd
CVE-2022-41649
2022-12-22 22:15:14
prion
prion
Heap overflow
2022-12-22 22:15:00
debiancve
debiancve
CVE-2022-41649
2022-12-22 22:15:14
cvelist
cvelist
CVE-2022-41649
2022-12-22 00:00:00
debian
debian
[SECURITY] [DLA 3518-1] openimageio security update
2023-08-06 22:40:27
[SECURITY] [DSA 5384-1] openimageio security update
2023-04-10 09:18:20
openvas
openvas
Debian: Security Advisory (DLA-3518-1)
2023-08-08 00:00:00
Debian: Security Advisory (DSA-5384-1)
2023-04-11 00:00:00
nessus
nessus
Debian DLA-3518-1 : openimageio - LTS security update
2023-08-08 00:00:00
Debian DSA-5384-1 : openimageio - security update
2023-04-11 00:00:00
GLSA-202305-33 : OpenImageIO: Multiple Vulnerabilities
2023-05-30 00:00:00
talosblog
talosblog
gentoo
gentoo
OpenImageIO: Multiple Vulnerabilities
2023-05-30 00:00:00