Fluid Attacks Database

Description

A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to null pointer dereference. An attacker can provide malicious input to trigger this vulnerability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	openimageio	>=0 <2.4.7.1+dfsg-2	2.4.7.1+dfsg-2
debian 11	openimageio	=2.2.10.1+dfsg-1 \|\| >=0 <2.2.10.1+dfsg-1+deb11u1	2.2.10.1+dfsg-1+deb11u1
debian 12	openimageio	>=0 <2.4.7.1+dfsg-2	2.4.7.1+dfsg-2
debian 14	openimageio	>=0 <2.4.7.1+dfsg-2	2.4.7.1+dfsg-2

Aliases

1. CVE-2022-435932. NVD-2022-435933. OSV-DEBIAN-2022-435934. OSV-2022-435935. SECURITY-TRACKER-CVE-2022-43593

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.