How severe is CVE-2022-36354?

CVE-2022-36354 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2022-36354

Name: debian_linux
Author: debian

5.3MEDIUM

A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A

公開日: 12/22/2022更新日: 11/21/2024

説明

A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensitive information leak. An attacker can provide a malicious file to trigger this vulnerability.

AI分析AIによる分析

影響を受ける製品

openimageioopenimageio

2.3.19.0

debiandebian_linux

11.0

参照

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1629
ExploitThird Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1629
ExploitThird Party Advisory