CVE-2023-42295

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 23, 2023

Updated: Oct 28, 2023

CWE ID 190

Summary

CVE-2023-42295 is a newly discovered vulnerability affecting OpenImageIO (oiio) version 2.4.12.0. An issue exists within the 'read_rle_image' function of the 'bifs/unquantize.c' file, which permits a remote attacker to execute arbitrary code and induce a denial of service. This vulnerability poses a significant risk, as an attacker can exploit it to gain unauthorized access to affected systems or cause them to crash. System administrators are urged to update to the latest version of OpenImageIO to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

OpenImageIO

Affected Vendors

Openimageio

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/snx--K
https://www.cve.org/CVERecord?id=CVE-2023-42295
https://nvd.nist.gov/vuln/detail/CVE-2023-42295

Back to Vulnerability Database