CVE-2023-3430

2023-12-1814:15:08

CWE-787

CWE-122

redhat

web.nvd.nist.gov

openimageio

cve-2023-3430

vulnerability

heap buffer overflow

denial of service

nvd

security

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

39.9%

JSON

A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service.

Affected configurations

Nvd

Node

openimageioopenimageioMatch2.4.11

AND

redhatlinuxMatch-

VendorProductVersionCPE
openimageioopenimageio2.4.11cpe:2.3:a:openimageio:openimageio:2.4.11:*:*:*:*:*:*:*
redhatlinux-cpe:2.3:o:redhat:linux:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openimageio	openimageio	2.4.11	cpe:2.3:a:openimageio:openimageio:2.4.11:::::::*
redhat	linux	-	cpe:2.3:o:redhat:linux:-:::::::*

CNA Affected

[
  {
    "product": "OpenImageIO",
    "vendor": "n/a",
    "versions": [
      {
        "version": "2.4.12.0",
        "status": "unaffected"
      }
    ]
  },
  {
    "product": "Extra Packages for Enterprise Linux",
    "vendor": "Fedora",
    "collectionURL": "https://packages.fedoraproject.org/",
    "packageName": "OpenImageIO",
    "defaultStatus": "affected"
  },
  {
    "product": "Fedora",
    "vendor": "Fedora",
    "collectionURL": "https://packages.fedoraproject.org/",
    "packageName": "OpenImageIO",
    "defaultStatus": "affected"
  }
]