{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T18:35:25.094","vulnerabilities":[{"cve":{"id":"CVE-2022-43597","sourceIdentifier":"talos-cna@cisco.com","published":"2022-12-22T22:15:16.410","lastModified":"2024-11-21T07:26:51.117","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT8`."},{"lang":"es","value":"Existen múltiples vulnerabilidades de corrupción de memoria en la funcionalidad de relleno de alineación IFFOutput del proyecto OpenImageIO OpenImageIO v2.4.4.2. Un objeto ImageOutput especialmente manipulado puede provocar la ejecución de código arbitrario. Un atacante puede proporcionar información maliciosa para desencadenar estas vulnerabilidades. Esta vulnerabilidad surge cuando `m_spec.format` es `TypeDesc::UINT8`."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"talos-cna@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openimageio:openimageio:2.4.4.2:*:*:*:*:*:*:*","matchCriteriaId":"68FA2862-ED3E-4743-AFB0-0D23977A805D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]}],"references":[{"url":"https://security.gentoo.org/glsa/202305-33","source":"talos-cna@cisco.com"},{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655","source":"talos-cna@cisco.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.debian.org/security/2023/dsa-5384","source":"talos-cna@cisco.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202305-33","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.debian.org/security/2023/dsa-5384","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}