Lucene search

MitreCVE-2023-36183

HistoryJul 03, 2023 - 9:15 p.m.

CVE-2023-36183

2023-07-0321:15:09

CWE-120

mitre

web.nvd.nist.gov

cve-2023-36183

buffer overflow

openimageio

remote code execution

nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

30.6%

JSON

Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function.

Affected configurations

Nvd

Node

openimageioopenimageioRange≤2.4.12.0

VendorProductVersionCPE
openimageioopenimageio*cpe:2.3:a:openimageio:openimageio:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openimageio	openimageio	*	cpe:2.3:a:openimageio:openimageio::::::::

References

github.com/OpenImageIO/oiio/issues/3871

lists.debian.org/debian-lts-announce/2023/08/msg00005.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPHVMLS2LYMLURWFL7CMZ3Y7UMW3M4AW/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OYFTS5LK725R6KVIYJVTPN3A6B6C7E6D/

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

30.6%

JSON

Related for CVE-2023-36183