Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-7qu3-7jbx-nydz
Vulnerability ID VCID-7qu3-7jbx-nydz
Aliases CVE-2022-43592
Summary An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.
Status Published
Exploitability 0.5
Weighted Severity 4.1
Risk 2.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-125 Out-of-bounds Read
System Score Found at
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2022-43592
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2022-43592
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2022-43592
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2022-43592
cvssv3 5.9 https://security.gentoo.org/glsa/202305-33
ssvc Track https://security.gentoo.org/glsa/202305-33
cvssv3 5.9 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1651
ssvc Track https://talosintelligence.com/vulnerability_reports/TALOS-2022-1651
cvssv3 5.9 https://www.debian.org/security/2023/dsa-5384
ssvc Track https://www.debian.org/security/2023/dsa-5384
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-43592
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36354
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41649
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41684
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41794
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41837
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41838
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41977
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41981
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41999
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43592
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43593
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43594
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43595
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43596
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43597
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43598
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43599
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43600
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43601
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43602
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43603
1027143 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027143
202305-33 https://security.gentoo.org/glsa/202305-33
dsa-5384 https://www.debian.org/security/2023/dsa-5384
TALOS-2022-1651 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1651
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://security.gentoo.org/glsa/202305-33
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T19:00:20Z/ Found at https://security.gentoo.org/glsa/202305-33
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://talosintelligence.com/vulnerability_reports/TALOS-2022-1651
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T19:00:20Z/ Found at https://talosintelligence.com/vulnerability_reports/TALOS-2022-1651
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.debian.org/security/2023/dsa-5384
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T19:00:20Z/ Found at https://www.debian.org/security/2023/dsa-5384
Exploit Prediction Scoring System (EPSS)
Percentile 0.71136
EPSS Score 0.00643
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T17:36:01.224212+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2022/43xxx/CVE-2022-43592.json 38.6.0