Vulnerability Details CVE-2022-43592
An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.5%
CVSS Severity
CVSS v3 Score 5.9
References
- https://security.gentoo.org/glsa/202305-33
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1651
- https://www.debian.org/security/2023/dsa-5384
- https://security.gentoo.org/glsa/202305-33
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1651
- https://www.debian.org/security/2023/dsa-5384
Products affected by CVE-2022-43592
-
cpe:2.3:a:openimageio:openimageio:2.4.4.2
-
cpe:2.3:o:debian:debian_linux:11.0