CVE-2022-38143

A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to arbitrary out of bounds memory, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:openimageio:openimageio:2.3.19.0:*:*:*:*:*:*:*

History

01 Feb 2024, 18:02

Type Values Removed Values Added
References (MISC) https://security.gentoo.org/glsa/202305-33 - (MISC) https://security.gentoo.org/glsa/202305-33 - Third Party Advisory

30 May 2023, 06:15

Type Values Removed Values Added
References
  • (MISC) https://security.gentoo.org/glsa/202305-33 -
CWE CWE-787 CWE-123

15 May 2023, 16:07

Type Values Removed Values Added
CPE cpe:2.3:a:openimageio_project:openimageio:2.3.19.0:*:*:*:*:*:*:* cpe:2.3:a:openimageio:openimageio:2.3.19.0:*:*:*:*:*:*:*

28 Feb 2023, 18:35

Type Values Removed Values Added
References (MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2022-1630 - (MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2022-1630 - Exploit, Third Party Advisory
CPE cpe:2.3:a:openimageio_project:openimageio:2.3.19.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-123 CWE-787

22 Dec 2022, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-12-22 22:15

Updated : 2024-02-04 23:14


NVD link : CVE-2022-38143

Mitre link : CVE-2022-38143

CVE.ORG link : CVE-2022-38143


JSON object : View

Products Affected

openimageio

  • openimageio
CWE
CWE-123

Write-what-where Condition

CWE-787

Out-of-bounds Write