DEBIAN-CVE-2022-43600
- Source
- https://security-tracker.debian.org/tracker/DEBIAN-CVE-2022-43600
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-43600.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-43600
- Upstream
- Published
- 2022-12-22T22:15:16Z
- Modified
- 2025-09-17T12:08:51.293450Z
- Summary
- [none]
- Details
-
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the
xmaxvariable is set to 0xFFFF andm_spec.formatisTypeDesc::UINT16 - References
Affected packages
Debian:11 / openimageio
Package
- Name
- openimageio
- Purl
- pkg:deb/debian/openimageio?arch=source
Debian:12 / openimageio
Package
- Name
- openimageio
- Purl
- pkg:deb/debian/openimageio?arch=source
Debian:13 / openimageio
Package
- Name
- openimageio
- Purl
- pkg:deb/debian/openimageio?arch=source
Debian:14 / openimageio
Package
- Name
- openimageio
- Purl
- pkg:deb/debian/openimageio?arch=source