CVE-2022-36354

A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensitive information leak. An attacker can provide a malicious file to trigger this vulnerability.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1629	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:openimageio:openimageio:2.3.19.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

17 Jul 2023, 17:15

Type	Values Removed	Values Added
References	~~{'url': 'https://www.debian.org/security/2023/dsa-5384', 'name': 'https://www.debian.org/security/2023/dsa-5384', 'tags': ['Third Party Advisory'], 'refsource': 'MISC'}~~ ~~{'url': 'https://security.gentoo.org/glsa/202305-33', 'name': 'https://security.gentoo.org/glsa/202305-33', 'tags': [], 'refsource': 'MISC'}~~

30 May 2023, 06:15

Type	Values Removed	Values Added
References		(MISC) https://security.gentoo.org/glsa/202305-33 -

15 May 2023, 16:07

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
CPE		cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:a:openimageio:openimageio:2.3.19.0:::::::*
References		(MISC) https://www.debian.org/security/2023/dsa-5384 - Third Party Advisory
References	~~(MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2022-1629 -~~	(MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2022-1629 - Exploit, Third Party Advisory

22 Dec 2022, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-12-22 22:15

Updated : 2024-02-04 23:14

NVD link : CVE-2022-36354

Mitre link : CVE-2022-36354

CVE.ORG link : CVE-2022-36354

JSON object : View

Products Affected

debian

debian_linux

openimageio

openimageio

CWE

CWE-193

Off-by-one Error

{"id": "CVE-2022-36354", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-12-22T22:15:13.363", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1629", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-193"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-193"}]}], "descriptions": [{"lang": "en", "value": "A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensitive information leak. An attacker can provide a malicious file to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de lectura fuera de los l\u00edmites en el analizador de formato RLA de OpenImageIO master-branch-9aeece7a y v2.3.19.0. M\u00e1s espec\u00edficamente, en la forma en que se manejan los intervalos de bytes codificados de longitud de ejecuci\u00f3n. Un archivo RLA con formato incorrecto puede provocar una lectura fuera de los l\u00edmites de metadatos del mont\u00f3n, lo que puede provocar una fuga de informaci\u00f3n confidencial. Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad."}], "lastModified": "2023-07-17T17:15:09.560", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openimageio:openimageio:2.3.19.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06112B1B-FC3F-425D-A78A-F7B7FD8AC1F9"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}