CVE-2017-9115 - In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the ap

CVE-2017-9115

Summary

In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.

References

Vulnerable Configurations

cpe:2.3:a:openexr:openexr:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:openexr:openexr:2.2.0:*:*:*:*:*:*:*

CVSS

CWE

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

confirm	https://github.com/openexr/openexr/issues/232 https://github.com/openexr/openexr/pull/233 https://github.com/openexr/openexr/releases/tag/v2.2.1
debian	DSA-4755
misc	http://www.openwall.com/lists/oss-security/2017/05/12/5
mlist	[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update
suse	openSUSE-SU-2019:1816 openSUSE-SU-2019:1826
ubuntu	USN-4148-1 USN-4339-1

Last major update

30-08-2020 - 22:15

Published

21-05-2017 - 18:29

Last modified

30-08-2020 - 22:15