Fluid Attacks Database

Description

An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A specially-crafted TIFF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	openimageio	=2.2.10.1+dfsg-1 \|\| >=0 <2.2.10.1+dfsg-1+deb11u1	2.2.10.1+dfsg-1+deb11u1
debian 12	openimageio	>=0 <2.3.21.0+dfsg-1	2.3.21.0+dfsg-1
debian 13	openimageio	>=0 <2.3.21.0+dfsg-1	2.3.21.0+dfsg-1
debian 14	openimageio	>=0 <2.3.21.0+dfsg-1	2.3.21.0+dfsg-1

Aliases

1. CVE-2022-419772. NVD-2022-419773. OSV-DEBIAN-2022-419774. OSV-2022-419775. SECURITY-TRACKER-CVE-2022-41977

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.