CVE-2023-42299
Summary
A buffer overflow vulnerability has been identified in OpenImageIO version 2.4.12.0. This vulnerability, located in the `read_subimage_data` function, can be exploited by remote attackers to execute arbitrary code and cause a denial of service.
IFF Assessment
FOE
This vulnerability allows for remote code execution and denial of service, posing a direct threat to systems and data.
Severity
9.8
Critical
Defender Context
Defenders should prioritize patching or updating OpenImageIO to address this critical vulnerability, especially on systems that handle image processing. Monitoring for exploitation attempts targeting the `read_subimage_data` function is also crucial.