Vulnerability Details CVE-2022-36354
A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensitive information leak. An attacker can provide a malicious file to trigger this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.7%
CVSS Severity
CVSS v3 Score 5.3
Products affected by CVE-2022-36354
-
cpe:2.3:a:openimageio:openimageio:2.3.19.0
-
cpe:2.3:o:debian:debian_linux:11.0