ID CVE-2017-9113
Summary In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.
References
Vulnerable Configurations
  • cpe:2.3:a:openexr:openexr:2.2.0
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-189
CAPEC
nessus via4
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2017-274-01.NASL
    description New openexr packages are available for Slackware 14.2 and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 103570
    published 2017-10-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103570
    title Slackware 14.2 / current : openexr (SSA:2017-274-01)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-B152C791CC.NASL
    description This update fixes the following vulnerabilities: CVE-2017-9110, CVE-2017-9111, CVE-2017-9112, CVE-2017-9113, CVE-2017-9114, CVE-2017-9115, CVE-2017-9116, CVE-2017-12596. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-28
    plugin id 107034
    published 2018-02-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107034
    title Fedora 27 : mingw-OpenEXR (2018-b152c791cc)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_803879E9419511E79B08080027EF73EC.NASL
    description Brandon Perry reports: [There] is a zip file of EXR images that cause segmentation faults in the OpenEXR library (tested against 2.2.0).
      - CVE-2017-9110: In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.
      - CVE-2017-9111: In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.
      - CVE-2017-9112: In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.
      - CVE-2017-9113: In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.
      - CVE-2017-9114: In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.
      - CVE-2017-9115: In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.
      - CVE-2017-9116: In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 100442
    published 2017-05-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100442
    title FreeBSD : OpenEXR -- multiple remote code execution and denial of service vulnerabilities (803879e9-4195-11e7-9b08-080027ef73ec)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-F5D2F4EC0D.NASL
    description This update fixes the following vulnerabilities: CVE-2017-9110, CVE-2017-9111, CVE-2017-9112, CVE-2017-9113, CVE-2017-9114, CVE-2017-9115, CVE-2017-9116, CVE-2017-12596. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-28
    plugin id 107040
    published 2018-02-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107040
    title Fedora 26 : mingw-OpenEXR (2018-f5d2f4ec0d)
refmap via4
misc http://www.openwall.com/lists/oss-security/2017/05/12/5
Last major update 21-05-2017 - 14:29
Published 21-05-2017 - 14:29
Last modified 01-06-2017 - 14:06