Vulnerabilities > CVE-2023-22845 - Unspecified vulnerability in Openimageio 2.4.7.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

openimageio

NVD

Published: 2023-03-30

Updated: 2024-11-21

Summary

An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Openimageio Openimageio Openimageio 2.4.7.1	1

References

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1708
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1708
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1708