CVE-2022-41999

2022-12-2222:15:16

CWE-476

[email protected]

web.nvd.nist.gov

denial of service

openimageio

cve-2022-41999

nvd

dds

vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.4%

JSON

A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.

Affected configurations

Vulners

NVD

Node

openimageioopenimageioRange≤v2.3.19.0

openimageioopenimageioRange≤v2.4.4.2

CPENameOperatorVersion
openimageio:openimageioopenimageioeq2.3.19.0
openimageio:openimageioopenimageioeq2.4.4.2

CPE	Name	Operator	Version
openimageio:openimageio	openimageio	eq	2.3.19.0
openimageio:openimageio	openimageio	eq	2.4.4.2

CNA Affected

[
  {
    "vendor": "OpenImageIO Project",
    "product": "OpenImageIO",
    "versions": [
      {
        "version": "v2.3.19.0",
        "status": "affected"
      },
      {
        "version": "v2.4.4.2",
        "status": "affected"
      }
    ]
  }
]