CVE-2020-11758

Vulnerability from cvelistv5

Published

2020-04-14 22:43

Modified

2024-08-04 11:41

Severity ?

Summary

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html	Mailing List, Third Party Advisory
cve@mitre.org	https://bugs.chromium.org/p/project-zero/issues/detail?id=1987	Exploit, Third Party Advisory
cve@mitre.org	https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020	Release Notes, Third Party Advisory
cve@mitre.org	https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1	Release Notes, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/
cve@mitre.org	https://security.gentoo.org/glsa/202107-27	Third Party Advisory
cve@mitre.org	https://support.apple.com/kb/HT211288	Third Party Advisory
cve@mitre.org	https://support.apple.com/kb/HT211289	Third Party Advisory
cve@mitre.org	https://support.apple.com/kb/HT211290	Third Party Advisory
cve@mitre.org	https://support.apple.com/kb/HT211291	Third Party Advisory
cve@mitre.org	https://support.apple.com/kb/HT211293	Third Party Advisory
cve@mitre.org	https://support.apple.com/kb/HT211294	Third Party Advisory
cve@mitre.org	https://support.apple.com/kb/HT211295	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/4339-1/	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2020/dsa-4755	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.chromium.org/p/project-zero/issues/detail?id=1987	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202107-27	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT211288	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT211289	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT211290	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT211291	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT211293	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT211294	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT211295	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4339-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4755	Third Party Advisory

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:41:59.590Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987"
          },
          {
            "name": "USN-4339-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4339-1/"
          },
          {
            "name": "FEDORA-2020-e244f22a51",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/"
          },
          {
            "name": "openSUSE-SU-2020:0682",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT211288"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT211290"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT211289"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT211291"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT211293"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT211295"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT211294"
          },
          {
            "name": "DSA-4755",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4755"
          },
          {
            "name": "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
          },
          {
            "name": "GLSA-202107-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-27"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-11T03:06:16",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987"
        },
        {
          "name": "USN-4339-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4339-1/"
        },
        {
          "name": "FEDORA-2020-e244f22a51",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/"
        },
        {
          "name": "openSUSE-SU-2020:0682",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT211288"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT211290"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT211289"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT211291"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT211293"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT211295"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT211294"
        },
        {
          "name": "DSA-4755",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4755"
        },
        {
          "name": "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
        },
        {
          "name": "GLSA-202107-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202107-27"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11758",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
              "refsource": "MISC",
              "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1"
            },
            {
              "name": "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
              "refsource": "MISC",
              "url": "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020"
            },
            {
              "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
              "refsource": "MISC",
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987"
            },
            {
              "name": "USN-4339-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4339-1/"
            },
            {
              "name": "FEDORA-2020-e244f22a51",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/"
            },
            {
              "name": "openSUSE-SU-2020:0682",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html"
            },
            {
              "name": "https://support.apple.com/kb/HT211288",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT211288"
            },
            {
              "name": "https://support.apple.com/kb/HT211290",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT211290"
            },
            {
              "name": "https://support.apple.com/kb/HT211289",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT211289"
            },
            {
              "name": "https://support.apple.com/kb/HT211291",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT211291"
            },
            {
              "name": "https://support.apple.com/kb/HT211293",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT211293"
            },
            {
              "name": "https://support.apple.com/kb/HT211295",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT211295"
            },
            {
              "name": "https://support.apple.com/kb/HT211294",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT211294"
            },
            {
              "name": "DSA-4755",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4755"
            },
            {
              "name": "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
            },
            {
              "name": "GLSA-202107-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202107-27"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-11758",
    "datePublished": "2020-04-14T22:43:18",
    "dateReserved": "2020-04-14T00:00:00",
    "dateUpdated": "2024-08-04T11:41:59.590Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-11758\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-04-14T23:15:12.167\",\"lastModified\":\"2024-11-21T04:58:32.430\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en OpenEXR versiones anteriores a 2.4.1. Se presenta una lectura fuera de l\u00edmites en el archivo ImfOptimizedPixelReading.h.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.4.1\",\"matchCriteriaId\":\"57A8F73B-345B-48BD-8D9B-92AD24033265\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A31C8344-3E02-4EB8-8BD8-4C84B7959624\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"902B8056-9E37-443B-8905-8AA93E2447FB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"7.20\",\"matchCriteriaId\":\"5B3BB46F-F586-4A2B-91C6-4D3AA226B478\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndExcluding\":\"11.3\",\"matchCriteriaId\":\"354F932A-81A0-4C4F-91C0-8C76C72CC4E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"12.10.8\",\"matchCriteriaId\":\"B626717E-0DED-4C76-B92D-D58AB27EED01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.6\",\"matchCriteriaId\":\"87D68071-5235-4B50-90F0-B55B0C668840\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.6\",\"matchCriteriaId\":\"0639A5DE-4A59-4F10-A0E7-F6B933E44D47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.15.6\",\"matchCriteriaId\":\"FD0ACF42-C643-4DED-ADF7-4FA29B7578F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.13.0\",\"versionEndExcluding\":\"10.13.6\",\"matchCriteriaId\":\"2DA1C24E-B74D-4C8C-931D-AE35BFB4F0CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.14.0\",\"versionEndExcluding\":\"10.14.6\",\"matchCriteriaId\":\"3E76BECE-0843-4B9F-90DE-7690764701B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"297D2D0C-EA9D-4B2C-9357-D88DB6C7143A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D845143-1B4D-478B-B83E-8F1664CBCAC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*\",\"matchCriteriaId\":\"23C6DF6A-9A30-4F9E-BD9C-C19D8551C6DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*\",\"matchCriteriaId\":\"754A2DF4-8724-4448-A2AB-AC5442029CB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*\",\"matchCriteriaId\":\"D392C777-1949-4920-B459-D083228E4688\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*\",\"matchCriteriaId\":\"68B0A232-F2A4-4B87-99EB-3A532DFA87DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DF528F7-0F1E-4E55-A088-91327E3C360C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*\",\"matchCriteriaId\":\"E222445A-D398-47C8-9639-4BAE36B69AA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*\",\"matchCriteriaId\":\"9425DAC8-038D-4B09-A074-3780AED912FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EA63C1C-1EEC-4961-A7B7-439D21293B99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2F5D631-2306-4526-BEE5-22456D95ABAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*\",\"matchCriteriaId\":\"F79B7361-F2F2-4FA6-A27D-CC8F2D37A726\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-003:*:*:*:*:*:*\",\"matchCriteriaId\":\"09FA5087-C576-483F-B660-F9D155933CC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:supplemental_update:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F7E284D-75F5-43E8-ABD4-13DD4F3945F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFE26ECC-A2C2-4501-9950-510DE0E1BD86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*\",\"matchCriteriaId\":\"26108BEF-0847-4AB0-BD98-35344DFA7835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*\",\"matchCriteriaId\":\"A369D48B-6A0A-47AE-9513-D5E2E6F30931\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*\",\"matchCriteriaId\":\"510F8317-94DA-498E-927A-83D5F41AF54A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D5D1970-6D2A-42CA-A203-42023D71730D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*\",\"matchCriteriaId\":\"C68AE52B-5139-40A4-AE9A-E752DBF07D1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FD3467D-7679-479F-9C0B-A93F7CD0929D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4C6098E-EDBD-4A85-8282-B2E9D9333872\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*\",\"matchCriteriaId\":\"518BB47B-DD76-4E8C-9F10-7EBC1E146191\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C88BD98-46F5-447F-963A-FB9B167E31BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7A0615B-D958-4BBF-B53F-AA839A0FE845\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.4.8\",\"matchCriteriaId\":\"888463CA-9C67-46B2-B197-DDD3A668F980\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.2.8\",\"matchCriteriaId\":\"494FA012-A268-42FC-B023-2A10817B1096\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.chromium.org/p/project-zero/issues/detail?id=1987\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202107-27\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211288\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211289\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211290\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211291\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211293\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211294\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211295\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4339-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4755\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.chromium.org/p/project-zero/issues/detail?id=1987\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202107-27\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211288\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211289\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211290\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211291\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211293\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211294\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211295\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4339-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4755\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

gsd-2020-11758

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.

Aliases

CVE-2020-11758

Aliases

CVE-2020-11758

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-11758",
    "description": "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.",
    "id": "GSD-2020-11758",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-11758.html",
      "https://www.debian.org/security/2020/dsa-4755",
      "https://ubuntu.com/security/CVE-2020-11758",
      "https://advisories.mageia.org/CVE-2020-11758.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-11758"
      ],
      "details": "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.",
      "id": "GSD-2020-11758",
      "modified": "2023-12-13T01:22:06.693722Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-11758",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
            "refsource": "MISC",
            "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1"
          },
          {
            "name": "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
            "refsource": "MISC",
            "url": "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020"
          },
          {
            "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
            "refsource": "MISC",
            "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987"
          },
          {
            "name": "USN-4339-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4339-1/"
          },
          {
            "name": "FEDORA-2020-e244f22a51",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/"
          },
          {
            "name": "openSUSE-SU-2020:0682",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html"
          },
          {
            "name": "https://support.apple.com/kb/HT211288",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT211288"
          },
          {
            "name": "https://support.apple.com/kb/HT211290",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT211290"
          },
          {
            "name": "https://support.apple.com/kb/HT211289",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT211289"
          },
          {
            "name": "https://support.apple.com/kb/HT211291",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT211291"
          },
          {
            "name": "https://support.apple.com/kb/HT211293",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT211293"
          },
          {
            "name": "https://support.apple.com/kb/HT211295",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT211295"
          },
          {
            "name": "https://support.apple.com/kb/HT211294",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT211294"
          },
          {
            "name": "DSA-4755",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2020/dsa-4755"
          },
          {
            "name": "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
          },
          {
            "name": "GLSA-202107-27",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202107-27"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c2.4.1",
          "affected_versions": "All versions before 2.4.1",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-125",
            "CWE-937"
          ],
          "date": "2021-07-11",
          "description": "There is an out-of-bounds read in `ImfOptimizedPixelReading.h`.",
          "fixed_versions": [
            "2.5.2"
          ],
          "identifier": "CVE-2020-11758",
          "identifiers": [
            "CVE-2020-11758"
          ],
          "not_impacted": "All versions starting from 2.4.1",
          "package_slug": "conan/openexr",
          "pubdate": "2020-04-14",
          "solution": "Upgrade to version 2.5.2 or above.",
          "title": "Out-of-bounds Read",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-11758"
          ],
          "uuid": "f8b33d9f-b5c7-452d-8f00-0a860890f3f8"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.4.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.15.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.4.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.20",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.3",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.10.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.13.6",
                "versionStartIncluding": "10.13.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.14.6",
                "versionStartIncluding": "10.14.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-003:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.13.6:supplemental_update:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11758"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1"
            },
            {
              "name": "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020"
            },
            {
              "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987"
            },
            {
              "name": "USN-4339-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4339-1/"
            },
            {
              "name": "FEDORA-2020-e244f22a51",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/"
            },
            {
              "name": "openSUSE-SU-2020:0682",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html"
            },
            {
              "name": "DSA-4755",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4755"
            },
            {
              "name": "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
            },
            {
              "name": "https://support.apple.com/kb/HT211293",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.apple.com/kb/HT211293"
            },
            {
              "name": "https://support.apple.com/kb/HT211290",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.apple.com/kb/HT211290"
            },
            {
              "name": "https://support.apple.com/kb/HT211291",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.apple.com/kb/HT211291"
            },
            {
              "name": "https://support.apple.com/kb/HT211288",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.apple.com/kb/HT211288"
            },
            {
              "name": "https://support.apple.com/kb/HT211289",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.apple.com/kb/HT211289"
            },
            {
              "name": "https://support.apple.com/kb/HT211294",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.apple.com/kb/HT211294"
            },
            {
              "name": "https://support.apple.com/kb/HT211295",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.apple.com/kb/HT211295"
            },
            {
              "name": "GLSA-202107-27",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202107-27"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-01-09T16:41Z",
      "publishedDate": "2020-04-14T23:15Z"
    }
  }
}

ghsa-46h8-9xpr-rf6w

Vulnerability from github

Published

2022-05-24 17:14

Modified

2022-05-24 17:14

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-11758"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-14T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.",
  "id": "GHSA-46h8-9xpr-rf6w",
  "modified": "2022-05-24T17:14:41Z",
  "published": "2022-05-24T17:14:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11758"
    },
    {
      "type": "WEB",
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987"
    },
    {
      "type": "WEB",
      "url": "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020"
    },
    {
      "type": "WEB",
      "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202107-27"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT211288"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT211289"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT211290"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT211291"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT211293"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT211294"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT211295"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4339-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4755"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. OpenEXR Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A buffer error vulnerability exists in the ImfOptimizedPixelReading.h file in LIM OpenEXR versions prior to 2.4.1. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202107-27

                                       https://security.gentoo.org/

Severity: Normal Title: OpenEXR: Multiple vulnerabilities Date: July 11, 2021 Bugs: #717474, #746794, #762862, #770229, #776808 ID: 202107-27

Synopsis

Multiple vulnerabilities have been found in OpenEXR, the worst of which could result in the arbitrary execution of code.

Background

OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 media-libs/openexr < 2.5.6 >= 2.5.6

Description

Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All OpenEXR users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/openexr-2.5.6"

References

[ 1 ] CVE-2020-11758 https://nvd.nist.gov/vuln/detail/CVE-2020-11758 [ 2 ] CVE-2020-11759 https://nvd.nist.gov/vuln/detail/CVE-2020-11759 [ 3 ] CVE-2020-11760 https://nvd.nist.gov/vuln/detail/CVE-2020-11760 [ 4 ] CVE-2020-11761 https://nvd.nist.gov/vuln/detail/CVE-2020-11761 [ 5 ] CVE-2020-11762 https://nvd.nist.gov/vuln/detail/CVE-2020-11762 [ 6 ] CVE-2020-11763 https://nvd.nist.gov/vuln/detail/CVE-2020-11763 [ 7 ] CVE-2020-11764 https://nvd.nist.gov/vuln/detail/CVE-2020-11764 [ 8 ] CVE-2020-11765 https://nvd.nist.gov/vuln/detail/CVE-2020-11765 [ 9 ] CVE-2020-15304 https://nvd.nist.gov/vuln/detail/CVE-2020-15304 [ 10 ] CVE-2020-15305 https://nvd.nist.gov/vuln/detail/CVE-2020-15305 [ 11 ] CVE-2020-15306 https://nvd.nist.gov/vuln/detail/CVE-2020-15306 [ 12 ] CVE-2021-20296 https://nvd.nist.gov/vuln/detail/CVE-2021-20296 [ 13 ] CVE-2021-3474 https://nvd.nist.gov/vuln/detail/CVE-2021-3474 [ 14 ] CVE-2021-3475 https://nvd.nist.gov/vuln/detail/CVE-2021-3475 [ 15 ] CVE-2021-3476 https://nvd.nist.gov/vuln/detail/CVE-2021-3476 [ 16 ] CVE-2021-3477 https://nvd.nist.gov/vuln/detail/CVE-2021-3477 [ 17 ] CVE-2021-3478 https://nvd.nist.gov/vuln/detail/CVE-2021-3478 [ 18 ] CVE-2021-3479 https://nvd.nist.gov/vuln/detail/CVE-2021-3479

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202107-27

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

. ========================================================================== Ubuntu Security Notice USN-4339-1 April 27, 2020

openexr vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 20.04
Ubuntu 19.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in OpenEXR.

Software Description: - openexr: tools for the OpenEXR image format

Details:

Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2017-9111, CVE-2017-9113, CVE-2017-9115)

Tan Jie discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2018-18444)

Samuel Groß discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764)

It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service. (CVE-2020-11765)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04: libopenexr24 2.3.0-6ubuntu0.1 openexr 2.3.0-6ubuntu0.1

Ubuntu 19.10: libopenexr23 2.2.1-4.1ubuntu1.1 openexr 2.2.1-4.1ubuntu1.1

Ubuntu 18.04 LTS: libopenexr22 2.2.0-11.1ubuntu1.2 openexr 2.2.0-11.1ubuntu1.2

Ubuntu 16.04 LTS: libopenexr22 2.2.0-10ubuntu2.2 openexr 2.2.0-10ubuntu2.2

In general, a standard system update will make all the necessary changes.

References: https://usn.ubuntu.com/4339-1 CVE-2017-9111, CVE-2017-9113, CVE-2017-9115, CVE-2018-18444, CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764, CVE-2020-11765

Package Information: https://launchpad.net/ubuntu/+source/openexr/2.3.0-6ubuntu0.1 https://launchpad.net/ubuntu/+source/openexr/2.2.1-4.1ubuntu1.1 https://launchpad.net/ubuntu/+source/openexr/2.2.0-11.1ubuntu1.2 https://launchpad.net/ubuntu/+source/openexr/2.2.0-10ubuntu2.2

For the stable distribution (buster), these problems have been fixed in version 2.2.1-4.1+deb10u1.

We recommend that you upgrade your openexr packages.

For the detailed security status of openexr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openexr

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9KkM8ACgkQEMKTtsN8 TjYiCxAAqny8A+WbtYBonQ42ciQ2Hc1f90CI6l1Gp/ZK7RARL7+cLOHTh+hEniIG G6cwDGAwAgOtNPer+bT8Mwx6gF8bTii3nF5MMhiN22L7buzHruxsqpC+g94MeZHW vn6GpkTCPSHW5m4+O3pwrYDK3lr5ucNwPVegcXqtJuG0SrhY9VyTrtmzwtoP0YVx ANOpJhCLNEU5vIdEpzIfdjAoM6nsGG/FDN5sP2B9sEB69s7dQXAX5ksuu4Rg71bo W7OjAWB+1MIuFT2blax4Z0qD9Nuiy252AM9MAzMmdBPsFnix0/E2lmyd2OGknUkY l+sq61TR7pA7AVbtLpLBy2fKFS/Jj1KTFI6J+GmZiOBGAzHrWevjyclYBRI0exVg zKnI2IdO9f0qdeTiZhtAcSEV8hb1mSoo0fPRM0ZGxdMV0MTNeOmj+doTTw+SlSJK 3iyKUDgRy60JjQMq8gBaPSRl6tuTjEdFzbJLsFPvZVY5vQsy4KIuh024RrEjri0c R2oLvboIS2xddK+T/9NPc15vruZiUut0j/3EsBqbDn3hBXMpQb0NFv0kuC+uvmwZ UgxRA32shnjcUES8+TBqeB+cvMnukTlOfqQEY2VNhG//45gcQH6rEcf45W07XTGD djd3v06+rkeUhfuZHL9OAOj2BowTrp9CRooWT1dufPPUkL1aoUY= =FDcC -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0468",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.10.8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.20"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.4.8"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.6"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "model": "openexr",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openexr",
        "version": "2.4.1"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.6"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.14.6"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.6"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.13.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.14.6"
      },
      {
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.14.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "20.04"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.13.6"
      },
      {
        "model": "icloud",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.13.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "19.10"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "32"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.1"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.2.8"
      },
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "openexr",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openexr",
        "version": "2.4.1"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004026"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11758"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:openexr:openexr",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004026"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ubuntu",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "157403"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-944"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-11758",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2020-11758",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004026",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-164368",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.8,
            "id": "CVE-2020-11758",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004026",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-11758",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-004026",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202004-944",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-164368",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-11758",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-164368"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-11758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004026"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-944"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11758"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. OpenEXR Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A buffer error vulnerability exists in the ImfOptimizedPixelReading.h file in LIM OpenEXR versions prior to 2.4.1. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202107-27\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenEXR: Multiple vulnerabilities\n     Date: July 11, 2021\n     Bugs: #717474, #746794, #762862, #770229, #776808\n       ID: 202107-27\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenEXR, the worst of which\ncould result in the arbitrary execution of code. \n\nBackground\n==========\n\nOpenEXR is a high dynamic-range (HDR) image file format developed by\nIndustrial Light \u0026 Magic for use in computer imaging applications. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  media-libs/openexr           \u003c 2.5.6                    \u003e= 2.5.6 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenEXR. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenEXR users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=media-libs/openexr-2.5.6\"\n\nReferences\n==========\n\n[  1 ] CVE-2020-11758\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11758\n[  2 ] CVE-2020-11759\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11759\n[  3 ] CVE-2020-11760\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11760\n[  4 ] CVE-2020-11761\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11761\n[  5 ] CVE-2020-11762\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11762\n[  6 ] CVE-2020-11763\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11763\n[  7 ] CVE-2020-11764\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11764\n[  8 ] CVE-2020-11765\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11765\n[  9 ] CVE-2020-15304\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15304\n[ 10 ] CVE-2020-15305\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15305\n[ 11 ] CVE-2020-15306\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15306\n[ 12 ] CVE-2021-20296\n       https://nvd.nist.gov/vuln/detail/CVE-2021-20296\n[ 13 ] CVE-2021-3474\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3474\n[ 14 ] CVE-2021-3475\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3475\n[ 15 ] CVE-2021-3476\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3476\n[ 16 ] CVE-2021-3477\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3477\n[ 17 ] CVE-2021-3478\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3478\n[ 18 ] CVE-2021-3479\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3479\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202107-27\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. ==========================================================================\nUbuntu Security Notice USN-4339-1\nApril 27, 2020\n\nopenexr vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04\n- Ubuntu 19.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenEXR. \n\nSoftware Description:\n- openexr: tools for the OpenEXR image format\n\nDetails:\n\nBrandon Perry discovered that OpenEXR incorrectly handled certain malformed\nEXR image files. If a user were tricked into opening a crafted EXR image\nfile, a remote attacker could cause a denial of service, or possibly\nexecute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. \n(CVE-2017-9111, CVE-2017-9113, CVE-2017-9115)\n\nTan Jie discovered that OpenEXR incorrectly handled certain malformed EXR\nimage files. If a user were tricked into opening a crafted EXR image file,\na remote attacker could cause a denial of service, or possibly execute\narbitrary code. This issue only applied to Ubuntu 20.04 LTS. \n(CVE-2018-18444)\n\nSamuel Gro\u00df discovered that OpenEXR incorrectly handled certain malformed\nEXR image files. If a user were tricked into opening a crafted EXR image\nfile, a remote attacker could cause a denial of service, or possibly\nexecute arbitrary code. (CVE-2020-11758, CVE-2020-11759, CVE-2020-11760,\nCVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764)\n\nIt was discovered that OpenEXR incorrectly handled certain malformed EXR\nimage files. If a user were tricked into opening a crafted EXR image\nfile, a remote attacker could cause a denial of service. (CVE-2020-11765)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04:\n  libopenexr24                    2.3.0-6ubuntu0.1\n  openexr                         2.3.0-6ubuntu0.1\n\nUbuntu 19.10:\n  libopenexr23                    2.2.1-4.1ubuntu1.1\n  openexr                         2.2.1-4.1ubuntu1.1\n\nUbuntu 18.04 LTS:\n  libopenexr22                    2.2.0-11.1ubuntu1.2\n  openexr                         2.2.0-11.1ubuntu1.2\n\nUbuntu 16.04 LTS:\n  libopenexr22                    2.2.0-10ubuntu2.2\n  openexr                         2.2.0-10ubuntu2.2\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n  https://usn.ubuntu.com/4339-1\n  CVE-2017-9111, CVE-2017-9113, CVE-2017-9115, CVE-2018-18444,\n  CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761,\n  CVE-2020-11762, CVE-2020-11763, CVE-2020-11764, CVE-2020-11765\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/openexr/2.3.0-6ubuntu0.1\n  https://launchpad.net/ubuntu/+source/openexr/2.2.1-4.1ubuntu1.1\n  https://launchpad.net/ubuntu/+source/openexr/2.2.0-11.1ubuntu1.2\n  https://launchpad.net/ubuntu/+source/openexr/2.2.0-10ubuntu2.2\n\n. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.2.1-4.1+deb10u1. \n\nWe recommend that you upgrade your openexr packages. \n\nFor the detailed security status of openexr please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openexr\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9KkM8ACgkQEMKTtsN8\nTjYiCxAAqny8A+WbtYBonQ42ciQ2Hc1f90CI6l1Gp/ZK7RARL7+cLOHTh+hEniIG\nG6cwDGAwAgOtNPer+bT8Mwx6gF8bTii3nF5MMhiN22L7buzHruxsqpC+g94MeZHW\nvn6GpkTCPSHW5m4+O3pwrYDK3lr5ucNwPVegcXqtJuG0SrhY9VyTrtmzwtoP0YVx\nANOpJhCLNEU5vIdEpzIfdjAoM6nsGG/FDN5sP2B9sEB69s7dQXAX5ksuu4Rg71bo\nW7OjAWB+1MIuFT2blax4Z0qD9Nuiy252AM9MAzMmdBPsFnix0/E2lmyd2OGknUkY\nl+sq61TR7pA7AVbtLpLBy2fKFS/Jj1KTFI6J+GmZiOBGAzHrWevjyclYBRI0exVg\nzKnI2IdO9f0qdeTiZhtAcSEV8hb1mSoo0fPRM0ZGxdMV0MTNeOmj+doTTw+SlSJK\n3iyKUDgRy60JjQMq8gBaPSRl6tuTjEdFzbJLsFPvZVY5vQsy4KIuh024RrEjri0c\nR2oLvboIS2xddK+T/9NPc15vruZiUut0j/3EsBqbDn3hBXMpQb0NFv0kuC+uvmwZ\nUgxRA32shnjcUES8+TBqeB+cvMnukTlOfqQEY2VNhG//45gcQH6rEcf45W07XTGD\ndjd3v06+rkeUhfuZHL9OAOj2BowTrp9CRooWT1dufPPUkL1aoUY=\n=FDcC\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-11758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004026"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-164368"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-11758"
      },
      {
        "db": "PACKETSTORM",
        "id": "163465"
      },
      {
        "db": "PACKETSTORM",
        "id": "157403"
      },
      {
        "db": "PACKETSTORM",
        "id": "168903"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-11758",
        "trust": 2.9
      },
      {
        "db": "PACKETSTORM",
        "id": "163465",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004026",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-944",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "157403",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021071101",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "50011",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1816",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1448",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2985",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-24151",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-164368",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-11758",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168903",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-164368"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-11758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004026"
      },
      {
        "db": "PACKETSTORM",
        "id": "163465"
      },
      {
        "db": "PACKETSTORM",
        "id": "157403"
      },
      {
        "db": "PACKETSTORM",
        "id": "168903"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-944"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11758"
      }
    ]
  },
  "id": "VAR-202004-0468",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-164368"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T19:53:21.490000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "OpenEXR Release Notes",
        "trust": 0.8,
        "url": "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020"
      },
      {
        "title": "v2.4.1",
        "trust": 0.8,
        "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1"
      },
      {
        "title": "Industrial Light and Magic OpenEXR Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116435"
      },
      {
        "title": "Debian CVElist Bug Report Logs: openexr: CVE-2020-11758 CVE-2020-11759 CVE-2020-11760 CVE-2020-11761 CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=c611c9f78ad3458919de1d9728e6b32b"
      },
      {
        "title": "Ubuntu Security Notice: openexr vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4339-1"
      },
      {
        "title": "Debian Security Advisories: DSA-4755-1 openexr -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=9325b22b993ac0e61f53dccb8f346da4"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-11758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004026"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-944"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-164368"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004026"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11758"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://usn.ubuntu.com/4339-1/"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht211288"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht211289"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht211290"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht211291"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht211293"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht211294"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht211295"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2020/dsa-4755"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/202107-27"
      },
      {
        "trust": 1.8,
        "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/academysoftwarefoundation/openexr/blob/master/changes.md#version-241-february-11-2020"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/academysoftwarefoundation/openexr/releases/tag/v2.4.1"
      },
      {
        "trust": 1.8,
        "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html"
      },
      {
        "trust": 1.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11758"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/f4kfgdqg5pvyau7ts5mz7xcs6empvii3/"
      },
      {
        "trust": 0.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/f4kfgdqg5pvyau7ts5mz7xcs6empvii3/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11758"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2985/"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht211291"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/157403/ubuntu-security-notice-usn-4339-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1448/"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht211295"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1816/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/163465/gentoo-linux-security-advisory-202107-27.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/50011"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/openexr-multiple-vulnerabilities-32108"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021071101"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11761"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11765"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11762"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15305"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11763"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15306"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11764"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11759"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11760"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9111"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/125.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3476"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3478"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20296"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3479"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15304"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3474"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3475"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3477"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18444"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openexr/2.3.0-6ubuntu0.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openexr/2.2.0-10ubuntu2.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openexr/2.2.1-4.1ubuntu1.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openexr/2.2.0-11.1ubuntu1.2"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4339-1"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/openexr"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9115"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9113"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9114"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-164368"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-11758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004026"
      },
      {
        "db": "PACKETSTORM",
        "id": "163465"
      },
      {
        "db": "PACKETSTORM",
        "id": "157403"
      },
      {
        "db": "PACKETSTORM",
        "id": "168903"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-944"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11758"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-164368"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-11758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004026"
      },
      {
        "db": "PACKETSTORM",
        "id": "163465"
      },
      {
        "db": "PACKETSTORM",
        "id": "157403"
      },
      {
        "db": "PACKETSTORM",
        "id": "168903"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-944"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11758"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-164368"
      },
      {
        "date": "2020-04-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-11758"
      },
      {
        "date": "2020-05-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004026"
      },
      {
        "date": "2021-07-12T15:22:22",
        "db": "PACKETSTORM",
        "id": "163465"
      },
      {
        "date": "2020-04-27T15:19:30",
        "db": "PACKETSTORM",
        "id": "157403"
      },
      {
        "date": "2020-08-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "168903"
      },
      {
        "date": "2020-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-944"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2020-04-14T23:15:12.167000",
        "db": "NVD",
        "id": "CVE-2020-11758"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-01-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-164368"
      },
      {
        "date": "2020-09-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-11758"
      },
      {
        "date": "2020-05-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004026"
      },
      {
        "date": "2022-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-944"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2024-11-21T04:58:32.430000",
        "db": "NVD",
        "id": "CVE-2020-11758"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-944"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenEXR Out-of-bounds read vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004026"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-944"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-11758

Vulnerability from cvelistv5

gsd-2020-11758

Vulnerability from gsd

ghsa-46h8-9xpr-rf6w

Vulnerability from github

var-202004-0468

Vulnerability from variot

Synopsis

Background

Affected packages

Description

Impact

Workaround

Resolution

References

Availability

Concerns?

License

openexr vulnerabilities

Tags

Sightings

Nomenclature