Vulnerabilities related to openexr - openexr
cve-2020-15306
Vulnerability from cvelistv5
Published
2020-06-26 00:38
Modified
2024-08-04 13:15
Severity ?
Summary
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T13:15:20.087Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/pull/738",
               },
               {
                  name: "FEDORA-2020-8394f7fd12",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/",
               },
               {
                  name: "FEDORA-2020-a9a0f8f6cd",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/",
               },
               {
                  name: "USN-4418-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4418-1/",
               },
               {
                  name: "openSUSE-SU-2020:0970",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html",
               },
               {
                  name: "openSUSE-SU-2020:1015",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html",
               },
               {
                  name: "DSA-4755",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4755",
               },
               {
                  name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
               },
               {
                  name: "GLSA-202107-27",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202107-27",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-11T03:06:19",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/pull/738",
            },
            {
               name: "FEDORA-2020-8394f7fd12",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/",
            },
            {
               name: "FEDORA-2020-a9a0f8f6cd",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/",
            },
            {
               name: "USN-4418-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4418-1/",
            },
            {
               name: "openSUSE-SU-2020:0970",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html",
            },
            {
               name: "openSUSE-SU-2020:1015",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html",
            },
            {
               name: "DSA-4755",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4755",
            },
            {
               name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
            },
            {
               name: "GLSA-202107-27",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202107-27",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-15306",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2",
                  },
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md",
                  },
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md",
                  },
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/pull/738",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/pull/738",
                  },
                  {
                     name: "FEDORA-2020-8394f7fd12",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/",
                  },
                  {
                     name: "FEDORA-2020-a9a0f8f6cd",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/",
                  },
                  {
                     name: "USN-4418-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4418-1/",
                  },
                  {
                     name: "openSUSE-SU-2020:0970",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html",
                  },
                  {
                     name: "openSUSE-SU-2020:1015",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html",
                  },
                  {
                     name: "DSA-4755",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4755",
                  },
                  {
                     name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
                  },
                  {
                     name: "GLSA-202107-27",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202107-27",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-15306",
      datePublished: "2020-06-26T00:38:02",
      dateReserved: "2020-06-26T00:00:00",
      dateUpdated: "2024-08-04T13:15:20.087Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-16589
Vulnerability from cvelistv5
Published
2020-12-09 00:00
Modified
2024-08-04 13:45
Severity ?
Summary
A heap-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T13:45:33.134Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/issues/494",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/commit/6bb36714528a9563dd3b92720c5063a1284b86f8",
               },
               {
                  name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-12T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://github.com/AcademySoftwareFoundation/openexr/issues/494",
            },
            {
               url: "https://github.com/AcademySoftwareFoundation/openexr/commit/6bb36714528a9563dd3b92720c5063a1284b86f8",
            },
            {
               name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-16589",
      datePublished: "2020-12-09T00:00:00",
      dateReserved: "2020-08-03T00:00:00",
      dateUpdated: "2024-08-04T13:45:33.134Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-9114
Vulnerability from cvelistv5
Published
2017-05-21 18:00
Modified
2024-08-05 16:55
Severity ?
Summary
In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T16:55:22.239Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openexr/openexr/issues/232",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openexr/openexr/pull/233",
               },
               {
                  name: "DSA-4755",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4755",
               },
               {
                  name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2017-05-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-08-30T21:06:09",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openexr/openexr/issues/232",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openexr/openexr/pull/233",
            },
            {
               name: "DSA-4755",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4755",
            },
            {
               name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-9114",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
                     refsource: "MISC",
                     url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
                  },
                  {
                     name: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
                     refsource: "CONFIRM",
                     url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
                  },
                  {
                     name: "https://github.com/openexr/openexr/issues/232",
                     refsource: "CONFIRM",
                     url: "https://github.com/openexr/openexr/issues/232",
                  },
                  {
                     name: "https://github.com/openexr/openexr/pull/233",
                     refsource: "CONFIRM",
                     url: "https://github.com/openexr/openexr/pull/233",
                  },
                  {
                     name: "DSA-4755",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4755",
                  },
                  {
                     name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-9114",
      datePublished: "2017-05-21T18:00:00",
      dateReserved: "2017-05-21T00:00:00",
      dateUpdated: "2024-08-05T16:55:22.239Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-20300
Vulnerability from cvelistv5
Published
2022-03-04 00:00
Modified
2024-08-03 17:37
Severity ?
Summary
A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability.
Impacted products
Vendor Product Version
n/a OpenEXR Version: Fixed in v2.5.4 and beyond.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:37:23.704Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939153",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25562",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/pull/836",
               },
               {
                  name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenEXR",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Fixed in v2.5.4 and beyond.",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-190",
                     description: "CWE-190 - Integer Overflow or Wraparound",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-12T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939153",
            },
            {
               url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25562",
            },
            {
               url: "https://github.com/AcademySoftwareFoundation/openexr/pull/836",
            },
            {
               name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-20300",
      datePublished: "2022-03-04T00:00:00",
      dateReserved: "2020-12-17T00:00:00",
      dateUpdated: "2024-08-03T17:37:23.704Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-11761
Vulnerability from cvelistv5
Published
2020-04-14 22:42
Modified
2024-08-04 11:42
Severity ?
Summary
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:42:00.425Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
               },
               {
                  name: "USN-4339-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4339-1/",
               },
               {
                  name: "FEDORA-2020-e244f22a51",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
               },
               {
                  name: "openSUSE-SU-2020:0682",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211288",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211290",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211289",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211291",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211293",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211295",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211294",
               },
               {
                  name: "DSA-4755",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4755",
               },
               {
                  name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
               },
               {
                  name: "GLSA-202107-27",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202107-27",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-11T03:06:43",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
            },
            {
               name: "USN-4339-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4339-1/",
            },
            {
               name: "FEDORA-2020-e244f22a51",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
            },
            {
               name: "openSUSE-SU-2020:0682",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211288",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211290",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211289",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211291",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211293",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211295",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211294",
            },
            {
               name: "DSA-4755",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4755",
            },
            {
               name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
            },
            {
               name: "GLSA-202107-27",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202107-27",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-11761",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
                  },
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
                  },
                  {
                     name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
                     refsource: "MISC",
                     url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
                  },
                  {
                     name: "USN-4339-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4339-1/",
                  },
                  {
                     name: "FEDORA-2020-e244f22a51",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
                  },
                  {
                     name: "openSUSE-SU-2020:0682",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211288",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211288",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211290",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211290",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211289",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211289",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211291",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211291",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211293",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211293",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211295",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211295",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211294",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211294",
                  },
                  {
                     name: "DSA-4755",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4755",
                  },
                  {
                     name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
                  },
                  {
                     name: "GLSA-202107-27",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202107-27",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-11761",
      datePublished: "2020-04-14T22:42:31",
      dateReserved: "2020-04-14T00:00:00",
      dateUpdated: "2024-08-04T11:42:00.425Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-1722
Vulnerability from cvelistv5
Published
2009-07-31 18:29
Modified
2024-08-07 05:20
Severity: not provided (the record below carries no CVSS metrics)
Summary
Heap-based buffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
References
Impacted products
Vendor Product Version
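n/a n/a Version: n/a (the record has no structured vendor/product/version data; the affected release, OpenEXR 1.2.2, is stated only in the Summary)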


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T05:20:35.419Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.apple.com/kb/HT3757",
               },
               {
                  name: "MDVSA-2009:191",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:191",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz",
               },
               {
                  name: "36753",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36753",
               },
               {
                  name: "ADV-2009-2035",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/2035",
               },
               {
                  name: "36096",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36096",
               },
               {
                  name: "DSA-1842",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2009/dsa-1842",
               },
               {
                  name: "36032",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36032",
               },
               {
                  name: "APPLE-SA-2009-08-05-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_APPLE",
                     "x_transferred",
                  ],
                  url: "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html",
               },
               {
                  name: "35838",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/35838",
               },
               {
                  name: "1022674",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1022674",
               },
               {
                  name: "USN-831-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-831-1",
               },
               {
                  name: "ADV-2009-2172",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/2172",
               },
               {
                  name: "TA09-218A",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT",
                     "x_transferred",
                  ],
                  url: "http://www.us-cert.gov/cas/techalerts/TA09-218A.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openexr/openexr/blob/master/CHANGES.md#version-170-july-23-2010",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-07-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Heap-based buffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-09-23T16:39:57",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.apple.com/kb/HT3757",
            },
            {
               name: "MDVSA-2009:191",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:191",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz",
            },
            {
               name: "36753",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36753",
            },
            {
               name: "ADV-2009-2035",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/2035",
            },
            {
               name: "36096",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36096",
            },
            {
               name: "DSA-1842",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2009/dsa-1842",
            },
            {
               name: "36032",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36032",
            },
            {
               name: "APPLE-SA-2009-08-05-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_APPLE",
               ],
               url: "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html",
            },
            {
               name: "35838",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/35838",
            },
            {
               name: "1022674",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1022674",
            },
            {
               name: "USN-831-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-831-1",
            },
            {
               name: "ADV-2009-2172",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/2172",
            },
            {
               name: "TA09-218A",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT",
               ],
               url: "http://www.us-cert.gov/cas/techalerts/TA09-218A.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openexr/openexr/blob/master/CHANGES.md#version-170-july-23-2010",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2009-1722",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Heap-based buffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://support.apple.com/kb/HT3757",
                     refsource: "CONFIRM",
                     url: "http://support.apple.com/kb/HT3757",
                  },
                  {
                     name: "MDVSA-2009:191",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:191",
                  },
                  {
                     name: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz",
                     refsource: "CONFIRM",
                     url: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz",
                  },
                  {
                     name: "36753",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36753",
                  },
                  {
                     name: "ADV-2009-2035",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2009/2035",
                  },
                  {
                     name: "36096",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36096",
                  },
                  {
                     name: "DSA-1842",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2009/dsa-1842",
                  },
                  {
                     name: "36032",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36032",
                  },
                  {
                     name: "APPLE-SA-2009-08-05-1",
                     refsource: "APPLE",
                     url: "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html",
                  },
                  {
                     name: "35838",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/35838",
                  },
                  {
                     name: "1022674",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1022674",
                  },
                  {
                     name: "USN-831-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-831-1",
                  },
                  {
                     name: "ADV-2009-2172",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2009/2172",
                  },
                  {
                     name: "TA09-218A",
                     refsource: "CERT",
                     url: "http://www.us-cert.gov/cas/techalerts/TA09-218A.html",
                  },
                  {
                     name: "https://github.com/openexr/openexr/blob/master/CHANGES.md#version-170-july-23-2010",
                     refsource: "CONFIRM",
                     url: "https://github.com/openexr/openexr/blob/master/CHANGES.md#version-170-july-23-2010",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2009-1722",
      datePublished: "2009-07-31T18:29:00",
      dateReserved: "2009-05-20T00:00:00",
      dateUpdated: "2024-08-07T05:20:35.419Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-11760
Vulnerability from cvelistv5
Published
2020-04-14 22:42
Modified
2024-08-04 11:41
Severity: not provided
Summary
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:41:59.458Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
               },
               {
                  name: "USN-4339-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4339-1/",
               },
               {
                  name: "FEDORA-2020-e244f22a51",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
               },
               {
                  name: "openSUSE-SU-2020:0682",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211288",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211290",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211289",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211291",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211293",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211295",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211294",
               },
               {
                  name: "DSA-4755",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4755",
               },
               {
                  name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
               },
               {
                  name: "GLSA-202107-27",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202107-27",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-11T03:06:31",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
            },
            {
               name: "USN-4339-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4339-1/",
            },
            {
               name: "FEDORA-2020-e244f22a51",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
            },
            {
               name: "openSUSE-SU-2020:0682",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211288",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211290",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211289",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211291",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211293",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211295",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211294",
            },
            {
               name: "DSA-4755",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4755",
            },
            {
               name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
            },
            {
               name: "GLSA-202107-27",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202107-27",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-11760",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
                  },
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
                  },
                  {
                     name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
                     refsource: "MISC",
                     url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
                  },
                  {
                     name: "USN-4339-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4339-1/",
                  },
                  {
                     name: "FEDORA-2020-e244f22a51",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
                  },
                  {
                     name: "openSUSE-SU-2020:0682",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211288",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211288",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211290",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211290",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211289",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211289",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211291",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211291",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211293",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211293",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211295",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211295",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211294",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211294",
                  },
                  {
                     name: "DSA-4755",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4755",
                  },
                  {
                     name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
                  },
                  {
                     name: "GLSA-202107-27",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202107-27",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-11760",
      datePublished: "2020-04-14T22:42:50",
      dateReserved: "2020-04-14T00:00:00",
      dateUpdated: "2024-08-04T11:41:59.458Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-11765
Vulnerability from cvelistv5
Published
2020-04-14 22:41
Modified
2024-08-04 11:41
Severity ?
Summary
An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:41:59.514Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
               },
               {
                  name: "USN-4339-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4339-1/",
               },
               {
                  name: "FEDORA-2020-e244f22a51",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
               },
               {
                  name: "openSUSE-SU-2020:0682",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211288",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211290",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211289",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211291",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211293",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211295",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211294",
               },
               {
                  name: "DSA-4755",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4755",
               },
               {
                  name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
               },
               {
                  name: "GLSA-202107-27",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202107-27",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-11T03:06:49",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
            },
            {
               name: "USN-4339-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4339-1/",
            },
            {
               name: "FEDORA-2020-e244f22a51",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
            },
            {
               name: "openSUSE-SU-2020:0682",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211288",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211290",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211289",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211291",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211293",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211295",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211294",
            },
            {
               name: "DSA-4755",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4755",
            },
            {
               name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
            },
            {
               name: "GLSA-202107-27",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202107-27",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-11765",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
                  },
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
                  },
                  {
                     name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
                     refsource: "MISC",
                     url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
                  },
                  {
                     name: "USN-4339-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4339-1/",
                  },
                  {
                     name: "FEDORA-2020-e244f22a51",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
                  },
                  {
                     name: "openSUSE-SU-2020:0682",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211288",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211288",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211290",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211290",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211289",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211289",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211291",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211291",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211293",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211293",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211295",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211295",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211294",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211294",
                  },
                  {
                     name: "DSA-4755",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4755",
                  },
                  {
                     name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
                  },
                  {
                     name: "GLSA-202107-27",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202107-27",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-11765",
      datePublished: "2020-04-14T22:41:03",
      dateReserved: "2020-04-14T00:00:00",
      dateUpdated: "2024-08-04T11:41:59.514Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-20298
Vulnerability from cvelistv5
Published
2022-08-23 00:00
Modified
2024-08-03 17:37
Severity ?
Summary
A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.
Impacted products
Vendor Product Version
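n/a OpenEXR Version: Fixed in OpenEXR 3.0.0-beta (the record's version field names the fixed release with status "affected"; it does not give an affected version range)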


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:37:23.785Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25913",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/pull/843",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/commit/85fd638ae0d5fa132434f4cbf32590261c1dba97",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939156",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/CVE-2021-20298",
               },
               {
                  name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenEXR",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Fixed in OpenEXR 3.0.0-beta",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-400",
                     description: "CWE-400 - Uncontrolled Resource Consumption",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-12T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25913",
            },
            {
               url: "https://github.com/AcademySoftwareFoundation/openexr/pull/843",
            },
            {
               url: "https://github.com/AcademySoftwareFoundation/openexr/commit/85fd638ae0d5fa132434f4cbf32590261c1dba97",
            },
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939156",
            },
            {
               url: "https://access.redhat.com/security/cve/CVE-2021-20298",
            },
            {
               name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-20298",
      datePublished: "2022-08-23T00:00:00",
      dateReserved: "2020-12-17T00:00:00",
      dateUpdated: "2024-08-03T17:37:23.785Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3477
Vulnerability from cvelistv5
Published
2021-03-31 00:00
Modified
2024-08-03 16:53
Severity ?
Summary
There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.
Impacted products
Vendor Product Version
n/a OpenEXR Version: OpenEXR 3.0.0-beta (the summary above gives the affected range as versions before 3.0.0-beta)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:53:17.607Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939159",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26956",
               },
               {
                  name: "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
               },
               {
                  name: "GLSA-202107-27",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202107-27",
               },
               {
                  name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenEXR",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "OpenEXR 3.0.0-beta",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-190",
                     description: "CWE-190->CWE-125",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-12T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939159",
            },
            {
               url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26956",
            },
            {
               name: "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
            },
            {
               name: "GLSA-202107-27",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202107-27",
            },
            {
               name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-3477",
      datePublished: "2021-03-31T00:00:00",
      dateReserved: "2021-03-30T00:00:00",
      dateUpdated: "2024-08-03T16:53:17.607Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-26945
Vulnerability from cvelistv5
Published
2021-06-08 11:39
Modified
2024-08-03 20:33
Severity ?
Summary
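An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. [Note: the record below classifies this issue as CWE-400 (uncontrolled resource consumption), which does not match the integer overflow and heap-buffer overflow described here; triage on the description rather than on the CWE field alone.]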
References
Impacted products
Vendor Product Version
n/a OpenEXR Version: OpenEXR 3.0.1 (the summary above gives the affected range as versions before 3.0.1)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T20:33:41.491Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1947591",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenEXR",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "OpenEXR 3.0.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-400",
                     description: "CWE-400",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-06-08T11:39:06",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1947591",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2021-26945",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "OpenEXR",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "OpenEXR 3.0.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-400",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1947591",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1947591",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-26945",
      datePublished: "2021-06-08T11:39:06",
      dateReserved: "2021-04-22T00:00:00",
      dateUpdated: "2024-08-03T20:33:41.491Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-12596
Vulnerability from cvelistv5
Published
2017-08-07 01:00
Modified
2024-08-05 18:43
Severity ?
Summary
In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T18:43:56.127Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/xiaoqx/pocs/blob/master/openexr.md",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/openexr/openexr/issues/238",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openexr/openexr/releases/tag/v2.3.0",
               },
               {
                  name: "USN-4148-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4148-1/",
               },
               {
                  name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2017-08-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-08-30T21:06:12",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/xiaoqx/pocs/blob/master/openexr.md",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/openexr/openexr/issues/238",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openexr/openexr/releases/tag/v2.3.0",
            },
            {
               name: "USN-4148-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4148-1/",
            },
            {
               name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-12596",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/xiaoqx/pocs/blob/master/openexr.md",
                     refsource: "MISC",
                     url: "https://github.com/xiaoqx/pocs/blob/master/openexr.md",
                  },
                  {
                     name: "https://github.com/openexr/openexr/issues/238",
                     refsource: "MISC",
                     url: "https://github.com/openexr/openexr/issues/238",
                  },
                  {
                     name: "https://github.com/openexr/openexr/releases/tag/v2.3.0",
                     refsource: "CONFIRM",
                     url: "https://github.com/openexr/openexr/releases/tag/v2.3.0",
                  },
                  {
                     name: "USN-4148-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4148-1/",
                  },
                  {
                     name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-12596",
      datePublished: "2017-08-07T01:00:00",
      dateReserved: "2017-08-06T00:00:00",
      dateUpdated: "2024-08-05T18:43:56.127Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-1721
Vulnerability from cvelistv5
Published
2009-07-31 18:29
Modified
2024-08-07 05:20
Severity ?
Summary
The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.
References
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html (vendor-advisory, x_refsource_FEDORA)
http://support.apple.com/kb/HT3757 (x_refsource_CONFIRM)
http://secunia.com/advisories/36123 (third-party-advisory, x_refsource_SECUNIA)
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html (vendor-advisory, x_refsource_FEDORA)
http://www.mandriva.com/security/advisories?name=MDVSA-2009:191 (vendor-advisory, x_refsource_MANDRIVA)
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz (x_refsource_CONFIRM)
http://secunia.com/advisories/36753 (third-party-advisory, x_refsource_SECUNIA)
http://www.vupen.com/english/advisories/2009/2035 (vdb-entry, x_refsource_VUPEN)
http://secunia.com/advisories/36096 (third-party-advisory, x_refsource_SECUNIA)
http://www.debian.org/security/2009/dsa-1842 (vendor-advisory, x_refsource_DEBIAN)
http://www.mandriva.com/security/advisories?name=MDVSA-2009:190 (vendor-advisory, x_refsource_MANDRIVA)
http://secunia.com/advisories/36030 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/36032 (third-party-advisory, x_refsource_SECUNIA)
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html (vendor-advisory, x_refsource_APPLE)
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz (x_refsource_CONFIRM)
http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff (x_refsource_CONFIRM)
http://www.securityfocus.com/bid/35838 (vdb-entry, x_refsource_BID)
http://www.securitytracker.com/id?1022674 (vdb-entry, x_refsource_SECTRACK)
http://www.ubuntu.com/usn/USN-831-1 (vendor-advisory, x_refsource_UBUNTU)
http://www.vupen.com/english/advisories/2009/2172 (vdb-entry, x_refsource_VUPEN)
http://www.us-cert.gov/cas/techalerts/TA09-218A.html (third-party-advisory, x_refsource_CERT)
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html (vendor-advisory, x_refsource_SUSE)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T05:20:35.076Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "FEDORA-2009-8132",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.apple.com/kb/HT3757",
               },
               {
                  name: "36123",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36123",
               },
               {
                  name: "FEDORA-2009-8136",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html",
               },
               {
                  name: "MDVSA-2009:191",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:191",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz",
               },
               {
                  name: "36753",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36753",
               },
               {
                  name: "ADV-2009-2035",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/2035",
               },
               {
                  name: "36096",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36096",
               },
               {
                  name: "DSA-1842",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2009/dsa-1842",
               },
               {
                  name: "MDVSA-2009:190",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:190",
               },
               {
                  name: "36030",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36030",
               },
               {
                  name: "36032",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36032",
               },
               {
                  name: "APPLE-SA-2009-08-05-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_APPLE",
                     "x_transferred",
                  ],
                  url: "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff",
               },
               {
                  name: "35838",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/35838",
               },
               {
                  name: "1022674",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1022674",
               },
               {
                  name: "USN-831-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-831-1",
               },
               {
                  name: "ADV-2009-2172",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/2172",
               },
               {
                  name: "TA09-218A",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT",
                     "x_transferred",
                  ],
                  url: "http://www.us-cert.gov/cas/techalerts/TA09-218A.html",
               },
               {
                  name: "SUSE-SR:2009:014",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-07-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-09-23T16:38:32",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "FEDORA-2009-8132",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.apple.com/kb/HT3757",
            },
            {
               name: "36123",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36123",
            },
            {
               name: "FEDORA-2009-8136",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html",
            },
            {
               name: "MDVSA-2009:191",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:191",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz",
            },
            {
               name: "36753",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36753",
            },
            {
               name: "ADV-2009-2035",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/2035",
            },
            {
               name: "36096",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36096",
            },
            {
               name: "DSA-1842",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2009/dsa-1842",
            },
            {
               name: "MDVSA-2009:190",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:190",
            },
            {
               name: "36030",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36030",
            },
            {
               name: "36032",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36032",
            },
            {
               name: "APPLE-SA-2009-08-05-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_APPLE",
               ],
               url: "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff",
            },
            {
               name: "35838",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/35838",
            },
            {
               name: "1022674",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1022674",
            },
            {
               name: "USN-831-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-831-1",
            },
            {
               name: "ADV-2009-2172",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/2172",
            },
            {
               name: "TA09-218A",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT",
               ],
               url: "http://www.us-cert.gov/cas/techalerts/TA09-218A.html",
            },
            {
               name: "SUSE-SR:2009:014",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2009-1721",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "FEDORA-2009-8132",
                     refsource: "FEDORA",
                     url: "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html",
                  },
                  {
                     name: "http://support.apple.com/kb/HT3757",
                     refsource: "CONFIRM",
                     url: "http://support.apple.com/kb/HT3757",
                  },
                  {
                     name: "36123",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36123",
                  },
                  {
                     name: "FEDORA-2009-8136",
                     refsource: "FEDORA",
                     url: "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html",
                  },
                  {
                     name: "MDVSA-2009:191",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:191",
                  },
                  {
                     name: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz",
                     refsource: "CONFIRM",
                     url: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz",
                  },
                  {
                     name: "36753",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36753",
                  },
                  {
                     name: "ADV-2009-2035",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2009/2035",
                  },
                  {
                     name: "36096",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36096",
                  },
                  {
                     name: "DSA-1842",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2009/dsa-1842",
                  },
                  {
                     name: "MDVSA-2009:190",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:190",
                  },
                  {
                     name: "36030",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36030",
                  },
                  {
                     name: "36032",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36032",
                  },
                  {
                     name: "APPLE-SA-2009-08-05-1",
                     refsource: "APPLE",
                     url: "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html",
                  },
                  {
                     name: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz",
                     refsource: "CONFIRM",
                     url: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz",
                  },
                  {
                     name: "http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff",
                     refsource: "CONFIRM",
                     url: "http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff",
                  },
                  {
                     name: "35838",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/35838",
                  },
                  {
                     name: "1022674",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1022674",
                  },
                  {
                     name: "USN-831-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-831-1",
                  },
                  {
                     name: "ADV-2009-2172",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2009/2172",
                  },
                  {
                     name: "TA09-218A",
                     refsource: "CERT",
                     url: "http://www.us-cert.gov/cas/techalerts/TA09-218A.html",
                  },
                  {
                     name: "SUSE-SR:2009:014",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2009-1721",
      datePublished: "2009-07-31T18:29:00",
      dateReserved: "2009-05-20T00:00:00",
      dateUpdated: "2024-08-07T05:20:35.076Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-20304
Vulnerability from cvelistv5
Published
2022-08-23 00:00
Modified
2024-08-03 17:37
Severity ?
Summary
A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability.
Impacted products
Vendor Product Version
n/a OpenEXR Version: Fixed in OpenEXR 3.0.0-beta


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:37:23.947Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26229",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/pull/849",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/commit/51a92d67f53c08230734e74564c807043cbfe41e",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939157",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/CVE-2021-20304",
               },
               {
                  name: "GLSA-202210-31",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202210-31",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenEXR",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Fixed in OpenEXR 3.0.0-beta",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-190",
                     description: "CWE-190 - Integer Overflow or Wraparound",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-10-31T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26229",
            },
            {
               url: "https://github.com/AcademySoftwareFoundation/openexr/pull/849",
            },
            {
               url: "https://github.com/AcademySoftwareFoundation/openexr/commit/51a92d67f53c08230734e74564c807043cbfe41e",
            },
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939157",
            },
            {
               url: "https://access.redhat.com/security/cve/CVE-2021-20304",
            },
            {
               name: "GLSA-202210-31",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202210-31",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-20304",
      datePublished: "2022-08-23T00:00:00",
      dateReserved: "2020-12-17T00:00:00",
      dateUpdated: "2024-08-03T17:37:23.947Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-11764
Vulnerability from cvelistv5
Published
2020-04-14 22:41
Modified
2024-08-04 11:41
Severity ?
Summary
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
Impacted products
Vendor Product Version
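n/a n/a Version: n/a (the record carries no structured product or version data; the summary above names OpenEXR before 2.4.1)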


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:41:58.759Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
               },
               {
                  name: "USN-4339-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4339-1/",
               },
               {
                  name: "FEDORA-2020-e244f22a51",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
               },
               {
                  name: "openSUSE-SU-2020:0682",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211288",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211290",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211289",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211291",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211293",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211295",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211294",
               },
               {
                  name: "DSA-4755",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4755",
               },
               {
                  name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
               },
               {
                  name: "GLSA-202107-27",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202107-27",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-11T03:06:41",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
            },
            {
               name: "USN-4339-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4339-1/",
            },
            {
               name: "FEDORA-2020-e244f22a51",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
            },
            {
               name: "openSUSE-SU-2020:0682",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211288",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211290",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211289",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211291",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211293",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211295",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211294",
            },
            {
               name: "DSA-4755",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4755",
            },
            {
               name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
            },
            {
               name: "GLSA-202107-27",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202107-27",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-11764",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
                  },
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
                  },
                  {
                     name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
                     refsource: "MISC",
                     url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
                  },
                  {
                     name: "USN-4339-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4339-1/",
                  },
                  {
                     name: "FEDORA-2020-e244f22a51",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
                  },
                  {
                     name: "openSUSE-SU-2020:0682",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211288",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211288",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211290",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211290",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211289",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211289",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211291",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211291",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211293",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211293",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211295",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211295",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211294",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211294",
                  },
                  {
                     name: "DSA-4755",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4755",
                  },
                  {
                     name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
                  },
                  {
                     name: "GLSA-202107-27",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202107-27",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-11764",
      datePublished: "2020-04-14T22:41:32",
      dateReserved: "2020-04-14T00:00:00",
      dateUpdated: "2024-08-04T11:41:58.759Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3476
Vulnerability from cvelistv5
Published
2021-03-30 00:00
Modified
2024-08-03 16:53
Severity ?
Summary
A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.
Impacted products
Vendor Product Version
n/a OpenEXR Version: OpenEXR 3.0.0-beta (the summary above describes versions before 3.0.0-beta as affected)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:53:17.728Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939145",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24787",
               },
               {
                  name: "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
               },
               {
                  name: "GLSA-202107-27",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202107-27",
               },
               {
                  name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenEXR",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "OpenEXR 3.0.0-beta",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-190",
                     description: "CWE-190",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-12T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939145",
            },
            {
               url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24787",
            },
            {
               name: "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
            },
            {
               name: "GLSA-202107-27",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202107-27",
            },
            {
               name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-3476",
      datePublished: "2021-03-30T00:00:00",
      dateReserved: "2021-03-29T00:00:00",
      dateUpdated: "2024-08-03T16:53:17.728Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-9113
Vulnerability from cvelistv5
Published
2017-05-21 18:00
Modified
2024-08-05 16:55
Severity ?
Summary
In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T16:55:22.261Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
               },
               {
                  name: "openSUSE-SU-2019:1816",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html",
               },
               {
                  name: "openSUSE-SU-2019:1826",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openexr/openexr/issues/232",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openexr/openexr/pull/233",
               },
               {
                  name: "USN-4148-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4148-1/",
               },
               {
                  name: "USN-4339-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4339-1/",
               },
               {
                  name: "DSA-4755",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4755",
               },
               {
                  name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2017-05-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-08-30T21:06:15",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
            },
            {
               name: "openSUSE-SU-2019:1816",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html",
            },
            {
               name: "openSUSE-SU-2019:1826",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openexr/openexr/issues/232",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openexr/openexr/pull/233",
            },
            {
               name: "USN-4148-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4148-1/",
            },
            {
               name: "USN-4339-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4339-1/",
            },
            {
               name: "DSA-4755",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4755",
            },
            {
               name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-9113",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
                     refsource: "MISC",
                     url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
                  },
                  {
                     name: "openSUSE-SU-2019:1816",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1826",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html",
                  },
                  {
                     name: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
                     refsource: "CONFIRM",
                     url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
                  },
                  {
                     name: "https://github.com/openexr/openexr/issues/232",
                     refsource: "CONFIRM",
                     url: "https://github.com/openexr/openexr/issues/232",
                  },
                  {
                     name: "https://github.com/openexr/openexr/pull/233",
                     refsource: "CONFIRM",
                     url: "https://github.com/openexr/openexr/pull/233",
                  },
                  {
                     name: "USN-4148-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4148-1/",
                  },
                  {
                     name: "USN-4339-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4339-1/",
                  },
                  {
                     name: "DSA-4755",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4755",
                  },
                  {
                     name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-9113",
      datePublished: "2017-05-21T18:00:00",
      dateReserved: "2017-05-21T00:00:00",
      dateUpdated: "2024-08-05T16:55:22.261Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-20296
Vulnerability from cvelistv5
Published
2021-04-01 00:00
Modified
2024-08-03 17:37
Severity ?
Summary
A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.
Impacted products
Vendor Product Version
n/a OpenEXR Version: OpenEXR 3.0.0-beta (the summary above describes versions before 3.0.0-beta as affected)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:37:23.528Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939141",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854",
               },
               {
                  name: "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
               },
               {
                  name: "GLSA-202107-27",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202107-27",
               },
               {
                  name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenEXR",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "OpenEXR 3.0.0-beta",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-476",
                     description: "CWE-476",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-12T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939141",
            },
            {
               url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854",
            },
            {
               name: "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
            },
            {
               name: "GLSA-202107-27",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202107-27",
            },
            {
               name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-20296",
      datePublished: "2021-04-01T00:00:00",
      dateReserved: "2020-12-17T00:00:00",
      dateUpdated: "2024-08-03T17:37:23.528Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-16588
Vulnerability from cvelistv5
Published
2020-12-09 00:00
Modified
2024-08-04 13:37
Severity ?
Summary
A Null Pointer Dereference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T13:37:54.245Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/issues/493",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/commit/74504503cff86e986bac441213c403b0ba28d58f",
               },
               {
                  name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A Null Pointer Dereference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-12T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://github.com/AcademySoftwareFoundation/openexr/issues/493",
            },
            {
               url: "https://github.com/AcademySoftwareFoundation/openexr/commit/74504503cff86e986bac441213c403b0ba28d58f",
            },
            {
               name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-16588",
      datePublished: "2020-12-09T00:00:00",
      dateReserved: "2020-08-03T00:00:00",
      dateUpdated: "2024-08-04T13:37:54.245Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3605
Vulnerability from cvelistv5
Published
2021-08-25 00:00
Modified
2024-08-03 17:01
Severity ?
Summary
There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
Impacted products
Vendor Product Version
n/a OpenEXR Version: OpenEXR 3.0.5 (the summary above describes versions prior to 3.0.5 as affected)
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:01:07.535Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1970991",
               },
               {
                  name: "GLSA-202210-31",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202210-31",
               },
               {
                  name: "DSA-5299",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5299",
               },
               {
                  name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenEXR",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "OpenEXR 3.0.5",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-119",
                     description: "CWE-119->CWE-125",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-12T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1970991",
            },
            {
               name: "GLSA-202210-31",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202210-31",
            },
            {
               name: "DSA-5299",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2022/dsa-5299",
            },
            {
               name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-3605",
      datePublished: "2021-08-25T00:00:00",
      dateReserved: "2021-06-15T00:00:00",
      dateUpdated: "2024-08-03T17:01:07.535Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-45942
Vulnerability from cvelistv5
Published
2021-12-31 00:00
Modified
2024-08-04 04:54
Severity ?
Summary
OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T04:54:31.096Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openexr/OSV-2021-1627.yaml",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/commit/db217f29dfb24f6b4b5100c24ac5e7490e1c57d0",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/pull/1209",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.1.4",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.4/CHANGES.md#version-314-january-26-2022",
               },
               {
                  name: "FEDORA-2022-89c31c0a0c",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJ5PW4WNXBKCRFGDZGAQOSVH2BKZKL4X/",
               },
               {
                  name: "FEDORA-2022-b0a85ed1b3",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJUK7WIQV5EKWTCZBRXFN6INHG6MLS5O/",
               },
               {
                  name: "FEDORA-2022-f2e0d16c90",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6TEZDE2S2DB4BF4LZSSV4W3DNW7DSRHJ/",
               },
               {
                  name: "GLSA-202210-31",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202210-31",
               },
               {
                  name: "DSA-5299",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5299",
               },
               {
                  name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-12T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openexr/OSV-2021-1627.yaml",
            },
            {
               url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416",
            },
            {
               url: "https://github.com/AcademySoftwareFoundation/openexr/commit/db217f29dfb24f6b4b5100c24ac5e7490e1c57d0",
            },
            {
               url: "https://github.com/AcademySoftwareFoundation/openexr/pull/1209",
            },
            {
               url: "https://github.com/AcademySoftwareFoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e",
            },
            {
               url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.1.4",
            },
            {
               url: "https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.4/CHANGES.md#version-314-january-26-2022",
            },
            {
               name: "FEDORA-2022-89c31c0a0c",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJ5PW4WNXBKCRFGDZGAQOSVH2BKZKL4X/",
            },
            {
               name: "FEDORA-2022-b0a85ed1b3",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJUK7WIQV5EKWTCZBRXFN6INHG6MLS5O/",
            },
            {
               name: "FEDORA-2022-f2e0d16c90",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6TEZDE2S2DB4BF4LZSSV4W3DNW7DSRHJ/",
            },
            {
               name: "GLSA-202210-31",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202210-31",
            },
            {
               name: "DSA-5299",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2022/dsa-5299",
            },
            {
               name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-45942",
      datePublished: "2021-12-31T00:00:00",
      dateReserved: "2021-12-31T00:00:00",
      dateUpdated: "2024-08-04T04:54:31.096Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3479
Vulnerability from cvelistv5
Published
2021-03-31 00:00
Modified
2024-08-03 16:53
Severity ?
Summary
There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.
Impacted products
Vendor Product Version
n/a OpenEXR Version: OpenEXR 3.0.0-beta (the record's only version entry; the summary states that versions before 3.0.0-beta are affected)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:53:17.634Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939149",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25370",
               },
               {
                  name: "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
               },
               {
                  name: "GLSA-202107-27",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202107-27",
               },
               {
                  name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenEXR",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "OpenEXR 3.0.0-beta",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-400",
                     description: "CWE-400",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-12T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939149",
            },
            {
               url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25370",
            },
            {
               name: "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
            },
            {
               name: "GLSA-202107-27",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202107-27",
            },
            {
               name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-3479",
      datePublished: "2021-03-31T00:00:00",
      dateReserved: "2021-03-30T00:00:00",
      dateUpdated: "2024-08-03T16:53:17.634Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-15305
Vulnerability from cvelistv5
Published
2020-06-26 00:38
Modified
2024-08-04 13:15
Severity ?
Summary
An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T13:15:20.110Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/pull/730",
               },
               {
                  name: "FEDORA-2020-8394f7fd12",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/",
               },
               {
                  name: "FEDORA-2020-a9a0f8f6cd",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/",
               },
               {
                  name: "USN-4418-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4418-1/",
               },
               {
                  name: "openSUSE-SU-2020:0970",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html",
               },
               {
                  name: "openSUSE-SU-2020:1015",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html",
               },
               {
                  name: "DSA-4755",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4755",
               },
               {
                  name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
               },
               {
                  name: "GLSA-202107-27",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202107-27",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-11T03:06:38",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/pull/730",
            },
            {
               name: "FEDORA-2020-8394f7fd12",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/",
            },
            {
               name: "FEDORA-2020-a9a0f8f6cd",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/",
            },
            {
               name: "USN-4418-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4418-1/",
            },
            {
               name: "openSUSE-SU-2020:0970",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html",
            },
            {
               name: "openSUSE-SU-2020:1015",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html",
            },
            {
               name: "DSA-4755",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4755",
            },
            {
               name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
            },
            {
               name: "GLSA-202107-27",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202107-27",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-15305",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2",
                  },
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md",
                  },
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md",
                  },
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/pull/730",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/pull/730",
                  },
                  {
                     name: "FEDORA-2020-8394f7fd12",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/",
                  },
                  {
                     name: "FEDORA-2020-a9a0f8f6cd",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/",
                  },
                  {
                     name: "USN-4418-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4418-1/",
                  },
                  {
                     name: "openSUSE-SU-2020:0970",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html",
                  },
                  {
                     name: "openSUSE-SU-2020:1015",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html",
                  },
                  {
                     name: "DSA-4755",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4755",
                  },
                  {
                     name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
                  },
                  {
                     name: "GLSA-202107-27",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202107-27",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-15305",
      datePublished: "2020-06-26T00:38:11",
      dateReserved: "2020-06-26T00:00:00",
      dateUpdated: "2024-08-04T13:15:20.110Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-5841
Vulnerability from cvelistv5
Published
2024-02-01 18:28
Modified
2024-08-02 08:14
Severity ?
Summary
Due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.
Impacted products
Vendor Product Version
Academy Software Foundation OpenEXR Version: 0 through 3.2.1 (inclusive)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T08:14:24.651Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://takeonme.org/cves/CVE-2023-5841.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "OpenEXR",
               vendor: "Academy Software Foundation",
               versions: [
                  {
                     lessThanOrEqual: "3.2.1",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
                  {
                     status: "unaffected",
                     version: "3.2.2",
                  },
                  {
                     status: "unaffected",
                     version: "3.1.12 ",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               user: "00000000-0000-4000-9000-000000000000",
               value: "zenofex",
            },
            {
               lang: "en",
               type: "finder",
               user: "00000000-0000-4000-9000-000000000000",
               value: "WanderingGlitch",
            },
            {
               lang: "en",
               type: "coordinator",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Austin Hackers Anonymous!",
            },
         ],
         datePublic: "2024-01-31T22:35:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX&nbsp;image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">v3.2.2 and v3.1.12 of the affected library.</span><br>",
                  },
               ],
               value: "Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.\n",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122: Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-21T23:36:15.206Z",
            orgId: "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
            shortName: "AHA",
         },
         references: [
            {
               url: "https://takeonme.org/cves/CVE-2023-5841.html",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/",
            },
         ],
         source: {
            discovery: "EXTERNAL",
         },
         title: "OpenEXR Heap Overflow in Scanline Deep Data Parsing",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
      assignerShortName: "AHA",
      cveId: "CVE-2023-5841",
      datePublished: "2024-02-01T18:28:05.892Z",
      dateReserved: "2023-10-29T23:41:19.153Z",
      dateUpdated: "2024-08-02T08:14:24.651Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-20302
Vulnerability from cvelistv5
Published
2022-03-04 00:00
Modified
2024-08-03 17:37
Severity ?
Summary
A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability.
Impacted products
Vendor Product Version
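n/a OpenEXR Version: Fixed in v2.5.4 and beyond. (free-text fix note carried in the record's "affected" version field; the record lists no affected version range)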


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:37:23.828Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939161",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25894",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/pull/842",
               },
               {
                  name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenEXR",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Fixed in v2.5.4 and beyond.",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 - Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-12T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939161",
            },
            {
               url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25894",
            },
            {
               url: "https://github.com/AcademySoftwareFoundation/openexr/pull/842",
            },
            {
               name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-20302",
      datePublished: "2022-03-04T00:00:00",
      dateReserved: "2020-12-17T00:00:00",
      dateUpdated: "2024-08-03T17:37:23.828Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-23215
Vulnerability from cvelistv5
Published
2021-06-08 00:00
Modified
2024-08-03 19:05
Severity ?
Summary
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
Impacted products
Vendor Product Version
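n/a OpenEXR Version: OpenEXR 3.0.1 (per the summary, versions before 3.0.1 are affected and 3.0.1 is the fixed release, although the record files it under status "affected"; the record also lists CWE-400, while the summary describes an integer overflow leading to a heap-buffer overflow)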


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T19:05:53.906Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "FEDORA-2021-6af32bfcd2",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXFLD4ZAXKAIWO6ZPBCQEEDZB5IG676K/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1947586",
               },
               {
                  name: "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
               },
               {
                  name: "DSA-5299",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5299",
               },
               {
                  name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenEXR",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "OpenEXR 3.0.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-400",
                     description: "CWE-400",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-12T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "FEDORA-2021-6af32bfcd2",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXFLD4ZAXKAIWO6ZPBCQEEDZB5IG676K/",
            },
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1947586",
            },
            {
               name: "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
            },
            {
               name: "DSA-5299",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2022/dsa-5299",
            },
            {
               name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-23215",
      datePublished: "2021-06-08T00:00:00",
      dateReserved: "2021-04-22T00:00:00",
      dateUpdated: "2024-08-03T19:05:53.906Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3474
Vulnerability from cvelistv5
Published
2021-03-30 00:00
Modified
2024-08-03 16:53
Severity ?
Summary
There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.
Impacted products
Vendor Product Version
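n/a OpenEXR Version: OpenEXR 3.0.0-beta (per the summary, versions before 3.0.0-beta are affected; the version named here is the fixed one, although the record files it under status "affected")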


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:53:17.593Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939142",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831",
               },
               {
                  name: "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
               },
               {
                  name: "GLSA-202107-27",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202107-27",
               },
               {
                  name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenEXR",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "OpenEXR 3.0.0-beta",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-190",
                     description: "CWE-190",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-12T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939142",
            },
            {
               url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831",
            },
            {
               name: "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
            },
            {
               name: "GLSA-202107-27",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202107-27",
            },
            {
               name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-3474",
      datePublished: "2021-03-30T00:00:00",
      dateReserved: "2021-03-29T00:00:00",
      dateUpdated: "2024-08-03T16:53:17.593Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-9116
Vulnerability from cvelistv5
Published
2017-05-21 18:00
Modified
2024-08-05 16:55
Severity ?
Summary
In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T16:55:22.382Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openexr/openexr/issues/232",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openexr/openexr/pull/233",
               },
               {
                  name: "USN-4148-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4148-1/",
               },
               {
                  name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2017-05-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-08-30T21:06:15",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openexr/openexr/issues/232",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openexr/openexr/pull/233",
            },
            {
               name: "USN-4148-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4148-1/",
            },
            {
               name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-9116",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
                     refsource: "MISC",
                     url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
                  },
                  {
                     name: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
                     refsource: "CONFIRM",
                     url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
                  },
                  {
                     name: "https://github.com/openexr/openexr/issues/232",
                     refsource: "CONFIRM",
                     url: "https://github.com/openexr/openexr/issues/232",
                  },
                  {
                     name: "https://github.com/openexr/openexr/pull/233",
                     refsource: "CONFIRM",
                     url: "https://github.com/openexr/openexr/pull/233",
                  },
                  {
                     name: "USN-4148-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4148-1/",
                  },
                  {
                     name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-9116",
      datePublished: "2017-05-21T18:00:00",
      dateReserved: "2017-05-21T00:00:00",
      dateUpdated: "2024-08-05T16:55:22.382Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3475
Vulnerability from cvelistv5
Published
2021-03-30 00:00
Modified
2024-08-03 16:53
Severity ?
Summary
There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.
Impacted products
Vendor Product Version
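n/a OpenEXR Version: OpenEXR 3.0.0-beta (per the summary, versions before 3.0.0-beta are affected; the version named here is the fixed one, although the record files it under status "affected")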


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:53:17.515Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939144",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297",
               },
               {
                  name: "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
               },
               {
                  name: "GLSA-202107-27",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202107-27",
               },
               {
                  name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenEXR",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "OpenEXR 3.0.0-beta",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-190",
                     description: "CWE-190",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-12T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939144",
            },
            {
               url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297",
            },
            {
               name: "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
            },
            {
               name: "GLSA-202107-27",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202107-27",
            },
            {
               name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-3475",
      datePublished: "2021-03-30T00:00:00",
      dateReserved: "2021-03-29T00:00:00",
      dateUpdated: "2024-08-03T16:53:17.515Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3933
Vulnerability from cvelistv5
Published
2022-03-25 00:00
Modified
2024-08-03 17:09
Severity ?
Summary
An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.
Impacted products
Vendor Product Version
n/a openexr Version: OpenEXR 3.1.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:09:09.619Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=2019783",
               },
               {
                  name: "FEDORA-2022-18e14f460c",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN/",
               },
               {
                  name: "GLSA-202210-31",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202210-31",
               },
               {
                  name: "DSA-5299",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5299",
               },
               {
                  name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "openexr",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "OpenEXR 3.1.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-190",
                     description: "CWE-190",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-12T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2019783",
            },
            {
               name: "FEDORA-2022-18e14f460c",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN/",
            },
            {
               name: "GLSA-202210-31",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202210-31",
            },
            {
               name: "DSA-5299",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2022/dsa-5299",
            },
            {
               name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-3933",
      datePublished: "2022-03-25T00:00:00",
      dateReserved: "2021-11-08T00:00:00",
      dateUpdated: "2024-08-03T17:09:09.619Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-11763
Vulnerability from cvelistv5
Published
2020-04-14 22:41
Modified
2024-08-04 11:42
Severity ?
Summary
An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:42:00.887Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
               },
               {
                  name: "USN-4339-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4339-1/",
               },
               {
                  name: "FEDORA-2020-e244f22a51",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
               },
               {
                  name: "openSUSE-SU-2020:0682",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211288",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211290",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211289",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211291",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211293",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211295",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211294",
               },
               {
                  name: "DSA-4755",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4755",
               },
               {
                  name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
               },
               {
                  name: "GLSA-202107-27",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202107-27",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-11T03:06:54",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
            },
            {
               name: "USN-4339-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4339-1/",
            },
            {
               name: "FEDORA-2020-e244f22a51",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
            },
            {
               name: "openSUSE-SU-2020:0682",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211288",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211290",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211289",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211291",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211293",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211295",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211294",
            },
            {
               name: "DSA-4755",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4755",
            },
            {
               name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
            },
            {
               name: "GLSA-202107-27",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202107-27",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-11763",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
                  },
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
                  },
                  {
                     name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
                     refsource: "MISC",
                     url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
                  },
                  {
                     name: "USN-4339-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4339-1/",
                  },
                  {
                     name: "FEDORA-2020-e244f22a51",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
                  },
                  {
                     name: "openSUSE-SU-2020:0682",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211288",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211288",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211290",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211290",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211289",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211289",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211291",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211291",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211293",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211293",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211295",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211295",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211294",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211294",
                  },
                  {
                     name: "DSA-4755",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4755",
                  },
                  {
                     name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
                  },
                  {
                     name: "GLSA-202107-27",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202107-27",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-11763",
      datePublished: "2020-04-14T22:41:51",
      dateReserved: "2020-04-14T00:00:00",
      dateUpdated: "2024-08-04T11:42:00.887Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-15304
Vulnerability from cvelistv5
Published
2020-06-26 00:38
Modified
2024-08-04 13:15
Severity ?
Summary
An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.
Impacted products
Vendor Product Version
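n/a n/a Version: n/a (the record carries no structured vendor, product or version data; the affected range appears only in the summary: OpenEXR before 2.5.2)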


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T13:15:19.992Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/pull/727",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md",
               },
               {
                  name: "FEDORA-2020-8394f7fd12",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/",
               },
               {
                  name: "FEDORA-2020-a9a0f8f6cd",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/",
               },
               {
                  name: "openSUSE-SU-2020:0970",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html",
               },
               {
                  name: "openSUSE-SU-2020:1015",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html",
               },
               {
                  name: "GLSA-202107-27",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202107-27",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-11T03:06:36",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/pull/727",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md",
            },
            {
               name: "FEDORA-2020-8394f7fd12",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/",
            },
            {
               name: "FEDORA-2020-a9a0f8f6cd",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/",
            },
            {
               name: "openSUSE-SU-2020:0970",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html",
            },
            {
               name: "openSUSE-SU-2020:1015",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html",
            },
            {
               name: "GLSA-202107-27",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202107-27",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-15304",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/pull/727",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/pull/727",
                  },
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2",
                  },
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md",
                  },
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md",
                  },
                  {
                     name: "FEDORA-2020-8394f7fd12",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/",
                  },
                  {
                     name: "FEDORA-2020-a9a0f8f6cd",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/",
                  },
                  {
                     name: "openSUSE-SU-2020:0970",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html",
                  },
                  {
                     name: "openSUSE-SU-2020:1015",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html",
                  },
                  {
                     name: "GLSA-202107-27",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202107-27",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-15304",
      datePublished: "2020-06-26T00:38:18",
      dateReserved: "2020-06-26T00:00:00",
      dateUpdated: "2024-08-04T13:15:19.992Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-20303
Vulnerability from cvelistv5
Published
2022-03-04 00:00
Modified
2024-08-03 17:37
Severity ?
Summary
A flaw was found in the function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.
Impacted products
Vendor Product Version
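n/a OpenEXR Version: Fixed in v2.5.4 and beyond. (This is a free-text value that the record lists with status "affected"; it names the fixed release, so read it as releases before v2.5.4 being affected. The record gives no lower bound.)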


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:37:23.668Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939151",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/pull/831",
               },
               {
                  name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenEXR",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Fixed in v2.5.4 and beyond.",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-190",
                     description: "CWE-190 - Integer Overflow or Wraparound,  CWE-787 - Out-of-bounds Write",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-12T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939151",
            },
            {
               url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505",
            },
            {
               url: "https://github.com/AcademySoftwareFoundation/openexr/pull/831",
            },
            {
               name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-20303",
      datePublished: "2022-03-04T00:00:00",
      dateReserved: "2020-12-17T00:00:00",
      dateUpdated: "2024-08-03T17:37:23.668Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-9115
Vulnerability from cvelistv5
Published
2017-05-21 18:00
Modified
2024-08-05 16:55
Severity ?
Summary
In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.
Impacted products
Vendor Product Version
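n/a n/a Version: n/a (the record carries no structured vendor, product or version data; the affected version appears only in the summary: OpenEXR 2.2.0)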


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T16:55:22.255Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
               },
               {
                  name: "openSUSE-SU-2019:1816",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html",
               },
               {
                  name: "openSUSE-SU-2019:1826",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openexr/openexr/issues/232",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openexr/openexr/pull/233",
               },
               {
                  name: "USN-4148-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4148-1/",
               },
               {
                  name: "USN-4339-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4339-1/",
               },
               {
                  name: "DSA-4755",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4755",
               },
               {
                  name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2017-05-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-08-30T21:06:19",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
            },
            {
               name: "openSUSE-SU-2019:1816",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html",
            },
            {
               name: "openSUSE-SU-2019:1826",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openexr/openexr/issues/232",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openexr/openexr/pull/233",
            },
            {
               name: "USN-4148-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4148-1/",
            },
            {
               name: "USN-4339-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4339-1/",
            },
            {
               name: "DSA-4755",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4755",
            },
            {
               name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-9115",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
                     refsource: "MISC",
                     url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
                  },
                  {
                     name: "openSUSE-SU-2019:1816",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1826",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html",
                  },
                  {
                     name: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
                     refsource: "CONFIRM",
                     url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
                  },
                  {
                     name: "https://github.com/openexr/openexr/issues/232",
                     refsource: "CONFIRM",
                     url: "https://github.com/openexr/openexr/issues/232",
                  },
                  {
                     name: "https://github.com/openexr/openexr/pull/233",
                     refsource: "CONFIRM",
                     url: "https://github.com/openexr/openexr/pull/233",
                  },
                  {
                     name: "USN-4148-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4148-1/",
                  },
                  {
                     name: "USN-4339-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4339-1/",
                  },
                  {
                     name: "DSA-4755",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4755",
                  },
                  {
                     name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-9115",
      datePublished: "2017-05-21T18:00:00",
      dateReserved: "2017-05-21T00:00:00",
      dateUpdated: "2024-08-05T16:55:22.255Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-26260
Vulnerability from cvelistv5
Published
2021-06-08 00:00
Modified
2024-08-03 20:19
Severity ?
Summary
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.
Impacted products
Vendor Product Version
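n/a OpenEXR Version: OpenEXR 3.0.1 (as recorded; the summary above says versions before 3.0.1 are affected, so this field appears to name the fixed release rather than an affected one)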


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T20:19:20.135Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "FEDORA-2021-6af32bfcd2",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXFLD4ZAXKAIWO6ZPBCQEEDZB5IG676K/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1947582",
               },
               {
                  name: "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
               },
               {
                  name: "DSA-5299",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5299",
               },
               {
                  name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenEXR",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "OpenEXR 3.0.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-400",
                     description: "CWE-400",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-12T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "FEDORA-2021-6af32bfcd2",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXFLD4ZAXKAIWO6ZPBCQEEDZB5IG676K/",
            },
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1947582",
            },
            {
               name: "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
            },
            {
               name: "DSA-5299",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2022/dsa-5299",
            },
            {
               name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-26260",
      datePublished: "2021-06-08T00:00:00",
      dateReserved: "2021-04-22T00:00:00",
      dateUpdated: "2024-08-03T20:19:20.135Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-20299
Vulnerability from cvelistv5
Published
2022-03-16 00:00
Modified
2024-08-03 17:37
Severity ?
Summary
A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.
Impacted products
Vendor Product Version
n/a OpenEXR Version: Affected before v2.5.4


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:37:23.881Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25740",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/commit/25e9515b06a6bc293d871622b8cafaee7af84e0f",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939154",
               },
               {
                  name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenEXR",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Affected before v2.5.4",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-476",
                     description: "CWE-476 (NULL Pointer Dereference)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-12T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25740",
            },
            {
               url: "https://github.com/AcademySoftwareFoundation/openexr/commit/25e9515b06a6bc293d871622b8cafaee7af84e0f",
            },
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939154",
            },
            {
               name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-20299",
      datePublished: "2022-03-16T00:00:00",
      dateReserved: "2020-12-17T00:00:00",
      dateUpdated: "2024-08-03T17:37:23.881Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-9112
Vulnerability from cvelistv5
Published
2017-05-21 18:00
Modified
2024-08-05 16:55
Severity ?
Summary
In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T16:55:22.259Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openexr/openexr/issues/232",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openexr/openexr/pull/233",
               },
               {
                  name: "USN-4148-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4148-1/",
               },
               {
                  name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2017-05-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-08-30T21:06:09",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openexr/openexr/issues/232",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openexr/openexr/pull/233",
            },
            {
               name: "USN-4148-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4148-1/",
            },
            {
               name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-9112",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
                     refsource: "MISC",
                     url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
                  },
                  {
                     name: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
                     refsource: "CONFIRM",
                     url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
                  },
                  {
                     name: "https://github.com/openexr/openexr/issues/232",
                     refsource: "CONFIRM",
                     url: "https://github.com/openexr/openexr/issues/232",
                  },
                  {
                     name: "https://github.com/openexr/openexr/pull/233",
                     refsource: "CONFIRM",
                     url: "https://github.com/openexr/openexr/pull/233",
                  },
                  {
                     name: "USN-4148-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4148-1/",
                  },
                  {
                     name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-9112",
      datePublished: "2017-05-21T18:00:00",
      dateReserved: "2017-05-21T00:00:00",
      dateUpdated: "2024-08-05T16:55:22.259Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-11758
Vulnerability from cvelistv5
Published
2020-04-14 22:43
Modified
2024-08-04 11:41
Severity ?
Summary
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:41:59.590Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
               },
               {
                  name: "USN-4339-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4339-1/",
               },
               {
                  name: "FEDORA-2020-e244f22a51",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
               },
               {
                  name: "openSUSE-SU-2020:0682",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211288",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211290",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211289",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211291",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211293",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211295",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211294",
               },
               {
                  name: "DSA-4755",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4755",
               },
               {
                  name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
               },
               {
                  name: "GLSA-202107-27",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202107-27",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-11T03:06:16",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
            },
            {
               name: "USN-4339-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4339-1/",
            },
            {
               name: "FEDORA-2020-e244f22a51",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
            },
            {
               name: "openSUSE-SU-2020:0682",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211288",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211290",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211289",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211291",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211293",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211295",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211294",
            },
            {
               name: "DSA-4755",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4755",
            },
            {
               name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
            },
            {
               name: "GLSA-202107-27",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202107-27",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-11758",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
                  },
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
                  },
                  {
                     name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
                     refsource: "MISC",
                     url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
                  },
                  {
                     name: "USN-4339-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4339-1/",
                  },
                  {
                     name: "FEDORA-2020-e244f22a51",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
                  },
                  {
                     name: "openSUSE-SU-2020:0682",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211288",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211288",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211290",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211290",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211289",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211289",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211291",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211291",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211293",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211293",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211295",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211295",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211294",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211294",
                  },
                  {
                     name: "DSA-4755",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4755",
                  },
                  {
                     name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
                  },
                  {
                     name: "GLSA-202107-27",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202107-27",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-11758",
      datePublished: "2020-04-14T22:43:18",
      dateReserved: "2020-04-14T00:00:00",
      dateUpdated: "2024-08-04T11:41:59.590Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-11759
Vulnerability from cvelistv5
Published
2020-04-14 22:43
Modified
2024-08-04 11:41
Severity ?
Summary
An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.
Impacted products
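Vendor Product Version
n/a n/a Version: n/a
Note: the CNA record leaves vendor, product and version as "n/a". The affected range (OpenEXR before 2.4.1) appears only in the summary text, so tooling that matches on the structured affected fields alone may miss this entry.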


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:41:59.597Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
               },
               {
                  name: "USN-4339-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4339-1/",
               },
               {
                  name: "FEDORA-2020-e244f22a51",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211288",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211290",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211289",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211291",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211293",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211295",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211294",
               },
               {
                  name: "DSA-4755",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4755",
               },
               {
                  name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
               },
               {
                  name: "GLSA-202107-27",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202107-27",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-11T03:06:51",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
            },
            {
               name: "USN-4339-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4339-1/",
            },
            {
               name: "FEDORA-2020-e244f22a51",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211288",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211290",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211289",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211291",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211293",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211295",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211294",
            },
            {
               name: "DSA-4755",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4755",
            },
            {
               name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
            },
            {
               name: "GLSA-202107-27",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202107-27",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-11759",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
                  },
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
                  },
                  {
                     name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
                     refsource: "MISC",
                     url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
                  },
                  {
                     name: "USN-4339-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4339-1/",
                  },
                  {
                     name: "FEDORA-2020-e244f22a51",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211288",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211288",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211290",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211290",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211289",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211289",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211291",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211291",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211293",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211293",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211295",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211295",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211294",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211294",
                  },
                  {
                     name: "DSA-4755",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4755",
                  },
                  {
                     name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
                  },
                  {
                     name: "GLSA-202107-27",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202107-27",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-11759",
      datePublished: "2020-04-14T22:43:08",
      dateReserved: "2020-04-14T00:00:00",
      dateUpdated: "2024-08-04T11:41:59.597Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-11762
Vulnerability from cvelistv5
Published
2020-04-14 22:42
Modified
2024-08-04 11:41
Severity ?
Summary
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.
Impacted products
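Vendor Product Version
n/a n/a Version: n/a
Note: the CNA record leaves vendor, product and version as "n/a". The affected range (OpenEXR before 2.4.1) appears only in the summary text, so tooling that matches on the structured affected fields alone may miss this entry.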


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:41:59.519Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
               },
               {
                  name: "USN-4339-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4339-1/",
               },
               {
                  name: "FEDORA-2020-e244f22a51",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
               },
               {
                  name: "openSUSE-SU-2020:0682",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211288",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211290",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211289",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211291",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211293",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211295",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT211294",
               },
               {
                  name: "DSA-4755",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4755",
               },
               {
                  name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
               },
               {
                  name: "GLSA-202107-27",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202107-27",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-11T03:06:59",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
            },
            {
               name: "USN-4339-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4339-1/",
            },
            {
               name: "FEDORA-2020-e244f22a51",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
            },
            {
               name: "openSUSE-SU-2020:0682",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211288",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211290",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211289",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211291",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211293",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211295",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT211294",
            },
            {
               name: "DSA-4755",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4755",
            },
            {
               name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
            },
            {
               name: "GLSA-202107-27",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202107-27",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-11762",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
                  },
                  {
                     name: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
                     refsource: "MISC",
                     url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
                  },
                  {
                     name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
                     refsource: "MISC",
                     url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
                  },
                  {
                     name: "USN-4339-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4339-1/",
                  },
                  {
                     name: "FEDORA-2020-e244f22a51",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
                  },
                  {
                     name: "openSUSE-SU-2020:0682",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211288",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211288",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211290",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211290",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211289",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211289",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211291",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211291",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211293",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211293",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211295",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211295",
                  },
                  {
                     name: "https://support.apple.com/kb/HT211294",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT211294",
                  },
                  {
                     name: "DSA-4755",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4755",
                  },
                  {
                     name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
                  },
                  {
                     name: "GLSA-202107-27",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202107-27",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-11762",
      datePublished: "2020-04-14T22:42:13",
      dateReserved: "2020-04-14T00:00:00",
      dateUpdated: "2024-08-04T11:41:59.519Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3941
Vulnerability from cvelistv5
Published
2022-03-25 00:00
Modified
2024-08-03 17:09
Severity ?
Summary
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.
Impacted products
Vendor Product Version
n/a openexr Version: OpenEXR 3.1.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:09:09.632Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=2019789",
               },
               {
                  name: "FEDORA-2022-18e14f460c",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN/",
               },
               {
                  name: "GLSA-202210-31",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202210-31",
               },
               {
                  name: "DSA-5299",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5299",
               },
               {
                  name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "openexr",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "OpenEXR 3.1.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-369",
                     description: "CWE-369",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-12T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2019789",
            },
            {
               name: "FEDORA-2022-18e14f460c",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN/",
            },
            {
               name: "GLSA-202210-31",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202210-31",
            },
            {
               name: "DSA-5299",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2022/dsa-5299",
            },
            {
               name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-3941",
      datePublished: "2022-03-25T00:00:00",
      dateReserved: "2021-11-09T00:00:00",
      dateUpdated: "2024-08-03T17:09:09.632Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-9111
Vulnerability from cvelistv5
Published
2017-05-21 18:00
Modified
2024-08-05 16:55
Severity ?
Summary
In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T16:55:22.292Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
               },
               {
                  name: "openSUSE-SU-2019:1816",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html",
               },
               {
                  name: "openSUSE-SU-2019:1826",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openexr/openexr/issues/232",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openexr/openexr/pull/233",
               },
               {
                  name: "USN-4148-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4148-1/",
               },
               {
                  name: "USN-4339-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4339-1/",
               },
               {
                  name: "DSA-4755",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4755",
               },
               {
                  name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2017-05-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-08-30T21:06:10",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
            },
            {
               name: "openSUSE-SU-2019:1816",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html",
            },
            {
               name: "openSUSE-SU-2019:1826",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openexr/openexr/issues/232",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openexr/openexr/pull/233",
            },
            {
               name: "USN-4148-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4148-1/",
            },
            {
               name: "USN-4339-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4339-1/",
            },
            {
               name: "DSA-4755",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4755",
            },
            {
               name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-9111",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
                     refsource: "MISC",
                     url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
                  },
                  {
                     name: "openSUSE-SU-2019:1816",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1826",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html",
                  },
                  {
                     name: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
                     refsource: "CONFIRM",
                     url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
                  },
                  {
                     name: "https://github.com/openexr/openexr/issues/232",
                     refsource: "CONFIRM",
                     url: "https://github.com/openexr/openexr/issues/232",
                  },
                  {
                     name: "https://github.com/openexr/openexr/pull/233",
                     refsource: "CONFIRM",
                     url: "https://github.com/openexr/openexr/pull/233",
                  },
                  {
                     name: "USN-4148-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4148-1/",
                  },
                  {
                     name: "USN-4339-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4339-1/",
                  },
                  {
                     name: "DSA-4755",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4755",
                  },
                  {
                     name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-9111",
      datePublished: "2017-05-21T18:00:00",
      dateReserved: "2017-05-21T00:00:00",
      dateUpdated: "2024-08-05T16:55:22.292Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-9110
Vulnerability from cvelistv5
Published
2017-05-21 18:00
Modified
2024-08-05 16:55
Severity ?
Summary
In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T16:55:22.291Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openexr/openexr/issues/232",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openexr/openexr/pull/233",
               },
               {
                  name: "USN-4148-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4148-1/",
               },
               {
                  name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2017-05-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-08-30T21:06:20",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openexr/openexr/issues/232",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openexr/openexr/pull/233",
            },
            {
               name: "USN-4148-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4148-1/",
            },
            {
               name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-9110",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
                     refsource: "MISC",
                     url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
                  },
                  {
                     name: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
                     refsource: "CONFIRM",
                     url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
                  },
                  {
                     name: "https://github.com/openexr/openexr/issues/232",
                     refsource: "CONFIRM",
                     url: "https://github.com/openexr/openexr/issues/232",
                  },
                  {
                     name: "https://github.com/openexr/openexr/pull/233",
                     refsource: "CONFIRM",
                     url: "https://github.com/openexr/openexr/pull/233",
                  },
                  {
                     name: "USN-4148-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4148-1/",
                  },
                  {
                     name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-9110",
      datePublished: "2017-05-21T18:00:00",
      dateReserved: "2017-05-21T00:00:00",
      dateUpdated: "2024-08-05T16:55:22.291Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-23169
Vulnerability from cvelistv5
Published
2021-06-08 00:00
Modified
2024-08-03 19:05
Severity ?
Summary
A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.
Impacted products
Vendor Product Version
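n/a OpenEXR Version: OpenEXR 3.0.1 (value as recorded in the CVE record; the summary above gives the affected range as versions before 3.0.1)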


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T19:05:53.909Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "FEDORA-2021-c194de7719",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KYNJSMVA6YJY5NMKDZ5SAISKZG2KCKC/",
               },
               {
                  name: "FEDORA-2021-6af32bfcd2",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXFLD4ZAXKAIWO6ZPBCQEEDZB5IG676K/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1947612",
               },
               {
                  name: "GLSA-202210-31",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202210-31",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenEXR",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "OpenEXR 3.0.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-787",
                     description: "CWE-787",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-10-31T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "FEDORA-2021-c194de7719",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KYNJSMVA6YJY5NMKDZ5SAISKZG2KCKC/",
            },
            {
               name: "FEDORA-2021-6af32bfcd2",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXFLD4ZAXKAIWO6ZPBCQEEDZB5IG676K/",
            },
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1947612",
            },
            {
               name: "GLSA-202210-31",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202210-31",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-23169",
      datePublished: "2021-06-08T00:00:00",
      dateReserved: "2021-04-22T00:00:00",
      dateUpdated: "2024-08-03T19:05:53.909Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-1720
Vulnerability from cvelistv5
Published
2009-07-31 18:29
Modified
2024-08-07 05:20
Severity ?
Summary
Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information.
References
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html — vendor-advisory, x_refsource_FEDORA
http://support.apple.com/kb/HT3757 — x_refsource_CONFIRM
http://secunia.com/advisories/36123 — third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html — vendor-advisory, x_refsource_FEDORA
http://www.mandriva.com/security/advisories?name=MDVSA-2009:191 — vendor-advisory, x_refsource_MANDRIVA
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz — x_refsource_CONFIRM
http://secunia.com/advisories/36753 — third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/2035 — vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/36096 — third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2009/dsa-1842 — vendor-advisory, x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDVSA-2009:190 — vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/36030 — third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/36032 — third-party-advisory, x_refsource_SECUNIA
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html — vendor-advisory, x_refsource_APPLE
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz — x_refsource_CONFIRM
http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff — x_refsource_CONFIRM
http://www.securityfocus.com/bid/35838 — vdb-entry, x_refsource_BID
http://www.securitytracker.com/id?1022674 — vdb-entry, x_refsource_SECTRACK
http://www.ubuntu.com/usn/USN-831-1 — vendor-advisory, x_refsource_UBUNTU
http://www.vupen.com/english/advisories/2009/2172 — vdb-entry, x_refsource_VUPEN
http://www.us-cert.gov/cas/techalerts/TA09-218A.html — third-party-advisory, x_refsource_CERT
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html — vendor-advisory, x_refsource_SUSE
https://github.com/openexr/openexr/blob/master/CHANGES.md#version-170-july-23-2010 — x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T05:20:35.092Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "FEDORA-2009-8132",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.apple.com/kb/HT3757",
               },
               {
                  name: "36123",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36123",
               },
               {
                  name: "FEDORA-2009-8136",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html",
               },
               {
                  name: "MDVSA-2009:191",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:191",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz",
               },
               {
                  name: "36753",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36753",
               },
               {
                  name: "ADV-2009-2035",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/2035",
               },
               {
                  name: "36096",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36096",
               },
               {
                  name: "DSA-1842",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2009/dsa-1842",
               },
               {
                  name: "MDVSA-2009:190",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:190",
               },
               {
                  name: "36030",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36030",
               },
               {
                  name: "36032",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36032",
               },
               {
                  name: "APPLE-SA-2009-08-05-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_APPLE",
                     "x_transferred",
                  ],
                  url: "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff",
               },
               {
                  name: "35838",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/35838",
               },
               {
                  name: "1022674",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1022674",
               },
               {
                  name: "USN-831-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-831-1",
               },
               {
                  name: "ADV-2009-2172",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/2172",
               },
               {
                  name: "TA09-218A",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT",
                     "x_transferred",
                  ],
                  url: "http://www.us-cert.gov/cas/techalerts/TA09-218A.html",
               },
               {
                  name: "SUSE-SR:2009:014",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openexr/openexr/blob/master/CHANGES.md#version-170-july-23-2010",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-07-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors.  NOTE: some of these details are obtained from third party information.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-09-23T16:38:58",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "FEDORA-2009-8132",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.apple.com/kb/HT3757",
            },
            {
               name: "36123",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36123",
            },
            {
               name: "FEDORA-2009-8136",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html",
            },
            {
               name: "MDVSA-2009:191",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:191",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz",
            },
            {
               name: "36753",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36753",
            },
            {
               name: "ADV-2009-2035",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/2035",
            },
            {
               name: "36096",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36096",
            },
            {
               name: "DSA-1842",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2009/dsa-1842",
            },
            {
               name: "MDVSA-2009:190",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:190",
            },
            {
               name: "36030",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36030",
            },
            {
               name: "36032",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36032",
            },
            {
               name: "APPLE-SA-2009-08-05-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_APPLE",
               ],
               url: "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff",
            },
            {
               name: "35838",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/35838",
            },
            {
               name: "1022674",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1022674",
            },
            {
               name: "USN-831-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-831-1",
            },
            {
               name: "ADV-2009-2172",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/2172",
            },
            {
               name: "TA09-218A",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT",
               ],
               url: "http://www.us-cert.gov/cas/techalerts/TA09-218A.html",
            },
            {
               name: "SUSE-SR:2009:014",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openexr/openexr/blob/master/CHANGES.md#version-170-july-23-2010",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2009-1720",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors.  NOTE: some of these details are obtained from third party information.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "FEDORA-2009-8132",
                     refsource: "FEDORA",
                     url: "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html",
                  },
                  {
                     name: "http://support.apple.com/kb/HT3757",
                     refsource: "CONFIRM",
                     url: "http://support.apple.com/kb/HT3757",
                  },
                  {
                     name: "36123",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36123",
                  },
                  {
                     name: "FEDORA-2009-8136",
                     refsource: "FEDORA",
                     url: "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html",
                  },
                  {
                     name: "MDVSA-2009:191",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:191",
                  },
                  {
                     name: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz",
                     refsource: "CONFIRM",
                     url: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz",
                  },
                  {
                     name: "36753",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36753",
                  },
                  {
                     name: "ADV-2009-2035",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2009/2035",
                  },
                  {
                     name: "36096",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36096",
                  },
                  {
                     name: "DSA-1842",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2009/dsa-1842",
                  },
                  {
                     name: "MDVSA-2009:190",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:190",
                  },
                  {
                     name: "36030",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36030",
                  },
                  {
                     name: "36032",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36032",
                  },
                  {
                     name: "APPLE-SA-2009-08-05-1",
                     refsource: "APPLE",
                     url: "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html",
                  },
                  {
                     name: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz",
                     refsource: "CONFIRM",
                     url: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz",
                  },
                  {
                     name: "http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff",
                     refsource: "CONFIRM",
                     url: "http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff",
                  },
                  {
                     name: "35838",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/35838",
                  },
                  {
                     name: "1022674",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1022674",
                  },
                  {
                     name: "USN-831-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-831-1",
                  },
                  {
                     name: "ADV-2009-2172",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2009/2172",
                  },
                  {
                     name: "TA09-218A",
                     refsource: "CERT",
                     url: "http://www.us-cert.gov/cas/techalerts/TA09-218A.html",
                  },
                  {
                     name: "SUSE-SR:2009:014",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html",
                  },
                  {
                     name: "https://github.com/openexr/openexr/blob/master/CHANGES.md#version-170-july-23-2010",
                     refsource: "CONFIRM",
                     url: "https://github.com/openexr/openexr/blob/master/CHANGES.md#version-170-july-23-2010",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2009-1720",
      datePublished: "2009-07-31T18:29:00",
      dateReserved: "2009-05-20T00:00:00",
      dateUpdated: "2024-08-07T05:20:35.092Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-14988
Vulnerability from cvelistv5
Published
2017-10-02 05:00
Modified
2024-08-05 19:42
Severity ?
Summary
Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid; the record below carries the "disputed" tag.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T19:42:22.370Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/openexr/openexr/issues/248",
               },
               {
                  name: "openSUSE-SU-2019:1954",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00063.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2017-10-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-09-23T19:34:23",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/openexr/openexr/issues/248",
            },
            {
               name: "openSUSE-SU-2019:1954",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00063.html",
            },
         ],
         tags: [
            "disputed",
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-14988",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "** DISPUTED ** Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/openexr/openexr/issues/248",
                     refsource: "MISC",
                     url: "https://github.com/openexr/openexr/issues/248",
                  },
                  {
                     name: "openSUSE-SU-2019:1954",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00063.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-14988",
      datePublished: "2017-10-02T05:00:00",
      dateReserved: "2017-10-02T00:00:00",
      dateUpdated: "2024-08-05T19:42:22.370Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3478
Vulnerability from cvelistv5
Published
2021-03-31 00:00
Modified
2024-08-03 16:53
Severity ?
Summary
There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.
Impacted products
Vendor Product Version
n/a OpenEXR Version: OpenEXR 3.0.0-beta (the summary gives the affected range as versions before 3.0.0-beta)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:53:17.620Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939160",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27409",
               },
               {
                  name: "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
               },
               {
                  name: "GLSA-202107-27",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202107-27",
               },
               {
                  name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenEXR",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "OpenEXR 3.0.0-beta",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-400",
                     description: "CWE-400",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-12T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939160",
            },
            {
               url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27409",
            },
            {
               name: "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
            },
            {
               name: "GLSA-202107-27",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202107-27",
            },
            {
               name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-3478",
      datePublished: "2021-03-31T00:00:00",
      dateReserved: "2021-03-30T00:00:00",
      dateUpdated: "2024-08-03T16:53:17.620Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-16587
Vulnerability from cvelistv5
Published
2020-12-09 00:00
Modified
2024-08-04 13:37
Severity ?
Summary
A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T13:37:54.261Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/issues/491",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/AcademySoftwareFoundation/openexr/commit/8b5370c688a7362673c3a5256d93695617a4cd9a",
               },
               {
                  name: "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
               },
               {
                  name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-12T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://github.com/AcademySoftwareFoundation/openexr/issues/491",
            },
            {
               url: "https://github.com/AcademySoftwareFoundation/openexr/commit/8b5370c688a7362673c3a5256d93695617a4cd9a",
            },
            {
               name: "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
            },
            {
               name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-16587",
      datePublished: "2020-12-09T00:00:00",
      dateReserved: "2020-08-03T00:00:00",
      dateUpdated: "2024-08-04T13:37:54.261Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3598
Vulnerability from cvelistv5
Published
2021-07-06 00:00
Modified
2024-08-03 17:01
Severity ?
Summary
There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
Impacted products
Vendor Product Version
n/a OpenEXR Version: OpenEXR 3.0.5 (the summary gives the affected range as versions prior to 3.0.5)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:01:08.004Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1970987",
               },
               {
                  name: "GLSA-202210-31",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202210-31",
               },
               {
                  name: "DSA-5299",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5299",
               },
               {
                  name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenEXR",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "OpenEXR 3.0.5",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-119",
                     description: "CWE-119->CWE-125",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-12T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1970987",
            },
            {
               name: "GLSA-202210-31",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202210-31",
            },
            {
               name: "DSA-5299",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2022/dsa-5299",
            },
            {
               name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-3598",
      datePublished: "2021-07-06T00:00:00",
      dateReserved: "2021-06-11T00:00:00",
      dateUpdated: "2024-08-03T17:01:08.004Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2021-03-30 18:15
Modified
2024-11-21 06:21
Summary
There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.
Impacted products
Vendor Product Version
openexr openexr *
openexr openexr *
debian debian_linux 9.0
debian debian_linux 10.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "12541242-6F4A-457C-B0D3-B97C75F79627",
                     versionEndExcluding: "2.4.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3540D6CF-36A9-4FE9-9D0D-C3263DE61E62",
                     versionEndExcluding: "2.5.4",
                     versionStartIncluding: "2.5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.",
      },
      {
         lang: "es",
         value: "Se presenta un fallo en OpenEXR en versiones anteriores a 3.0.0-beta. Un atacante que pueda enviar un archivo diseñado para que lo procese OpenEXR podría causar un desbordamiento de enteros, lo que podría conllevar a problemas con la disponibilidad de la aplicación.",
      },
   ],
   id: "CVE-2021-3475",
   lastModified: "2024-11-21T06:21:37.953",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-03-30T18:15:18.013",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939144",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939144",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-05-21 18:29
Modified
2024-11-21 03:35
Summary
In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.
References
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html
cve@mitre.org http://www.openwall.com/lists/oss-security/2017/05/12/5 - Third Party Advisory
cve@mitre.org https://github.com/openexr/openexr/issues/232
cve@mitre.org https://github.com/openexr/openexr/pull/233
cve@mitre.org https://github.com/openexr/openexr/releases/tag/v2.2.1
cve@mitre.org https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html
cve@mitre.org https://usn.ubuntu.com/4148-1/
cve@mitre.org https://usn.ubuntu.com/4339-1/
cve@mitre.org https://www.debian.org/security/2020/dsa-4755
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2017/05/12/5 - Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/openexr/openexr/issues/232
af854a3a-2127-422b-91ae-364da2661108 https://github.com/openexr/openexr/pull/233
af854a3a-2127-422b-91ae-364da2661108 https://github.com/openexr/openexr/releases/tag/v2.2.1
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html
af854a3a-2127-422b-91ae-364da2661108 https://usn.ubuntu.com/4148-1/
af854a3a-2127-422b-91ae-364da2661108 https://usn.ubuntu.com/4339-1/
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2020/dsa-4755
Impacted products
Vendor Product Version
openexr openexr 2.2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCA193BE-2354-4F9E-8415-F743BAAFEA2C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.",
      },
      {
         lang: "es",
         value: "En la versión 2.2.0 de OpenEXR, una escritura inválida de tamaño 2 en la función = operator podría provocar el cierre inesperado de la aplicación o la ejecución de código arbitrario.",
      },
   ],
   id: "CVE-2017-9115",
   lastModified: "2024-11-21T03:35:21.327",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-05-21T18:29:00.457",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/openexr/openexr/issues/232",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/openexr/openexr/pull/233",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://usn.ubuntu.com/4148-1/",
      },
      {
         source: "cve@mitre.org",
         url: "https://usn.ubuntu.com/4339-1/",
      },
      {
         source: "cve@mitre.org",
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openexr/openexr/issues/232",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openexr/openexr/pull/233",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://usn.ubuntu.com/4148-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://usn.ubuntu.com/4339-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-14 23:15
Modified
2024-11-21 04:58
Summary
An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.
References
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html | Mailing List, Third Party Advisory
cve@mitre.org | https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 | Exploit, Third Party Advisory
cve@mitre.org | https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 | Release Notes, Third Party Advisory
cve@mitre.org | https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 | Release Notes, Third Party Advisory
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html | Mailing List, Third Party Advisory
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/
cve@mitre.org | https://security.gentoo.org/glsa/202107-27 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211288 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211289 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211290 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211291 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211293 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211294 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211295 | Third Party Advisory
cve@mitre.org | https://usn.ubuntu.com/4339-1/ | Third Party Advisory
cve@mitre.org | https://www.debian.org/security/2020/dsa-4755 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 | Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 | Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 | Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-27 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211288 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211289 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211290 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211291 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211293 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211294 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211295 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4339-1/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4755 | Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "57A8F73B-345B-48BD-8D9B-92AD24033265",
                     versionEndExcluding: "2.4.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                     matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "5B3BB46F-F586-4A2B-91C6-4D3AA226B478",
                     versionEndExcluding: "7.20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "5DBDFC69-1F0F-40E9-833E-FBFB92DF0541",
                     versionEndExcluding: "11.3",
                     versionStartIncluding: "10.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B626717E-0DED-4C76-B92D-D58AB27EED01",
                     versionEndExcluding: "12.10.8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "87D68071-5235-4B50-90F0-B55B0C668840",
                     versionEndExcluding: "13.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0639A5DE-4A59-4F10-A0E7-F6B933E44D47",
                     versionEndExcluding: "13.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2DA1C24E-B74D-4C8C-931D-AE35BFB4F0CC",
                     versionEndExcluding: "10.13.6",
                     versionStartIncluding: "10.13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E76BECE-0843-4B9F-90DE-7690764701B0",
                     versionEndExcluding: "10.14.6",
                     versionStartIncluding: "10.14.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4B5F6281-877C-491C-9C4A-C28C604FB422",
                     versionEndExcluding: "10.15.6",
                     versionStartIncluding: "10.15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "297D2D0C-EA9D-4B2C-9357-D88DB6C7143A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*",
                     matchCriteriaId: "0D845143-1B4D-478B-B83E-8F1664CBCAC3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*",
                     matchCriteriaId: "23C6DF6A-9A30-4F9E-BD9C-C19D8551C6DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*",
                     matchCriteriaId: "754A2DF4-8724-4448-A2AB-AC5442029CB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*",
                     matchCriteriaId: "D392C777-1949-4920-B459-D083228E4688",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*",
                     matchCriteriaId: "68B0A232-F2A4-4B87-99EB-3A532DFA87DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*",
                     matchCriteriaId: "0DF528F7-0F1E-4E55-A088-91327E3C360C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*",
                     matchCriteriaId: "E222445A-D398-47C8-9639-4BAE36B69AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*",
                     matchCriteriaId: "9425DAC8-038D-4B09-A074-3780AED912FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*",
                     matchCriteriaId: "8EA63C1C-1EEC-4961-A7B7-439D21293B99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*",
                     matchCriteriaId: "B2F5D631-2306-4526-BEE5-22456D95ABAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*",
                     matchCriteriaId: "F79B7361-F2F2-4FA6-A27D-CC8F2D37A726",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-003:*:*:*:*:*:*",
                     matchCriteriaId: "09FA5087-C576-483F-B660-F9D155933CC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:supplemental_update:*:*:*:*:*:*",
                     matchCriteriaId: "4F7E284D-75F5-43E8-ABD4-13DD4F3945F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
                     matchCriteriaId: "CFE26ECC-A2C2-4501-9950-510DE0E1BD86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
                     matchCriteriaId: "26108BEF-0847-4AB0-BD98-35344DFA7835",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*",
                     matchCriteriaId: "A369D48B-6A0A-47AE-9513-D5E2E6F30931",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*",
                     matchCriteriaId: "510F8317-94DA-498E-927A-83D5F41AF54A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*",
                     matchCriteriaId: "0D5D1970-6D2A-42CA-A203-42023D71730D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*",
                     matchCriteriaId: "C68AE52B-5139-40A4-AE9A-E752DBF07D1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
                     matchCriteriaId: "0FD3467D-7679-479F-9C0B-A93F7CD0929D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
                     matchCriteriaId: "D4C6098E-EDBD-4A85-8282-B2E9D9333872",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
                     matchCriteriaId: "518BB47B-DD76-4E8C-9F10-7EBC1E146191",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*",
                     matchCriteriaId: "2C88BD98-46F5-447F-963A-FB9B167E31BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*",
                     matchCriteriaId: "C7A0615B-D958-4BBF-B53F-AA839A0FE845",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "888463CA-9C67-46B2-B197-DDD3A668F980",
                     versionEndExcluding: "13.4.8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "494FA012-A268-42FC-B023-2A10817B1096",
                     versionEndExcluding: "6.2.8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.",
      },
      {
         lang: "es",
         value: "Se detectó un problema en versiones de OpenEXR anteriores a 2.4.1. Existe un error de desfase por uno (off-by-one) en el uso de la función de lectura de ImfXdr.h por parte de DwaCompressor::Classifier::Classifier, lo que conduce a una lectura fuera de límites.",
      },
   ],
   id: "CVE-2020-11765",
   lastModified: "2024-11-21T04:58:33.867",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-14T23:15:12.560",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211288",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211289",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211290",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211291",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211293",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211294",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211295",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4339-1/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211288",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211289",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211290",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211291",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211293",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211294",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211295",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4339-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
            {
               lang: "en",
               value: "CWE-193",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-14 23:15
Modified
2024-11-21 04:58
Summary
An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.
References
cve@mitre.org | https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 | Exploit, Third Party Advisory
cve@mitre.org | https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 | Release Notes, Third Party Advisory
cve@mitre.org | https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 | Release Notes, Third Party Advisory
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html | Mailing List, Third Party Advisory
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/
cve@mitre.org | https://security.gentoo.org/glsa/202107-27 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211288 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211289 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211290 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211291 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211293 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211294 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211295 | Third Party Advisory
cve@mitre.org | https://usn.ubuntu.com/4339-1/ | Third Party Advisory
cve@mitre.org | https://www.debian.org/security/2020/dsa-4755 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 | Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 | Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 | Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-27 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211288 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211289 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211290 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211291 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211293 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211294 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211295 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4339-1/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4755 | Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "57A8F73B-345B-48BD-8D9B-92AD24033265",
                     versionEndExcluding: "2.4.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                     matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "5B3BB46F-F586-4A2B-91C6-4D3AA226B478",
                     versionEndExcluding: "7.20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "5DBDFC69-1F0F-40E9-833E-FBFB92DF0541",
                     versionEndExcluding: "11.3",
                     versionStartIncluding: "10.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B626717E-0DED-4C76-B92D-D58AB27EED01",
                     versionEndExcluding: "12.10.8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "87D68071-5235-4B50-90F0-B55B0C668840",
                     versionEndExcluding: "13.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0639A5DE-4A59-4F10-A0E7-F6B933E44D47",
                     versionEndExcluding: "13.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2DA1C24E-B74D-4C8C-931D-AE35BFB4F0CC",
                     versionEndExcluding: "10.13.6",
                     versionStartIncluding: "10.13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E76BECE-0843-4B9F-90DE-7690764701B0",
                     versionEndExcluding: "10.14.6",
                     versionStartIncluding: "10.14.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4B5F6281-877C-491C-9C4A-C28C604FB422",
                     versionEndExcluding: "10.15.6",
                     versionStartIncluding: "10.15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "297D2D0C-EA9D-4B2C-9357-D88DB6C7143A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*",
                     matchCriteriaId: "0D845143-1B4D-478B-B83E-8F1664CBCAC3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*",
                     matchCriteriaId: "23C6DF6A-9A30-4F9E-BD9C-C19D8551C6DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*",
                     matchCriteriaId: "754A2DF4-8724-4448-A2AB-AC5442029CB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*",
                     matchCriteriaId: "D392C777-1949-4920-B459-D083228E4688",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*",
                     matchCriteriaId: "68B0A232-F2A4-4B87-99EB-3A532DFA87DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*",
                     matchCriteriaId: "0DF528F7-0F1E-4E55-A088-91327E3C360C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*",
                     matchCriteriaId: "E222445A-D398-47C8-9639-4BAE36B69AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*",
                     matchCriteriaId: "9425DAC8-038D-4B09-A074-3780AED912FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*",
                     matchCriteriaId: "8EA63C1C-1EEC-4961-A7B7-439D21293B99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*",
                     matchCriteriaId: "B2F5D631-2306-4526-BEE5-22456D95ABAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*",
                     matchCriteriaId: "F79B7361-F2F2-4FA6-A27D-CC8F2D37A726",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-003:*:*:*:*:*:*",
                     matchCriteriaId: "09FA5087-C576-483F-B660-F9D155933CC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
                     matchCriteriaId: "CFE26ECC-A2C2-4501-9950-510DE0E1BD86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
                     matchCriteriaId: "26108BEF-0847-4AB0-BD98-35344DFA7835",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*",
                     matchCriteriaId: "A369D48B-6A0A-47AE-9513-D5E2E6F30931",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*",
                     matchCriteriaId: "510F8317-94DA-498E-927A-83D5F41AF54A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*",
                     matchCriteriaId: "0D5D1970-6D2A-42CA-A203-42023D71730D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*",
                     matchCriteriaId: "C68AE52B-5139-40A4-AE9A-E752DBF07D1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
                     matchCriteriaId: "0FD3467D-7679-479F-9C0B-A93F7CD0929D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
                     matchCriteriaId: "D4C6098E-EDBD-4A85-8282-B2E9D9333872",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
                     matchCriteriaId: "518BB47B-DD76-4E8C-9F10-7EBC1E146191",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "888463CA-9C67-46B2-B197-DDD3A668F980",
                     versionEndExcluding: "13.4.8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "494FA012-A268-42FC-B023-2A10817B1096",
                     versionEndExcluding: "6.2.8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.",
      },
      {
         lang: "es",
         value: "Se detectó un problema en OpenEXR versiones anteriores a 2.4.1. Debido a desbordamientos de enteros en las funciones CompositeDeepScanLine::Data::handleDeepFrameBuffer y readSampleCountForLineBlock, un atacante puede escribir en un puntero fuera de límites.",
      },
   ],
   id: "CVE-2020-11759",
   lastModified: "2024-11-21T04:58:32.637",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-14T23:15:12.217",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211288",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211289",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211290",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211291",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211293",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211294",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211295",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4339-1/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211288",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211289",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211290",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211291",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211293",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211294",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211295",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4339-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-14 23:15
Modified
2024-11-21 04:58
Summary
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.
References
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html | Mailing List, Third Party Advisory
cve@mitre.org | https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 | Exploit, Third Party Advisory
cve@mitre.org | https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 | Release Notes, Third Party Advisory
cve@mitre.org | https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 | Release Notes, Third Party Advisory
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html | Mailing List, Third Party Advisory
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/
cve@mitre.org | https://security.gentoo.org/glsa/202107-27 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211288 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211289 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211290 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211291 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211293 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211294 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211295 | Third Party Advisory
cve@mitre.org | https://usn.ubuntu.com/4339-1/ | Third Party Advisory
cve@mitre.org | https://www.debian.org/security/2020/dsa-4755 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 | Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 | Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 | Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-27 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211288 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211289 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211290 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211291 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211293 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211294 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211295 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4339-1/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4755 | Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "57A8F73B-345B-48BD-8D9B-92AD24033265",
                     versionEndExcluding: "2.4.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                     matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "5B3BB46F-F586-4A2B-91C6-4D3AA226B478",
                     versionEndExcluding: "7.20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "354F932A-81A0-4C4F-91C0-8C76C72CC4E1",
                     versionEndExcluding: "11.3",
                     versionStartIncluding: "11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B626717E-0DED-4C76-B92D-D58AB27EED01",
                     versionEndExcluding: "12.10.8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "87D68071-5235-4B50-90F0-B55B0C668840",
                     versionEndExcluding: "13.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0639A5DE-4A59-4F10-A0E7-F6B933E44D47",
                     versionEndExcluding: "13.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD0ACF42-C643-4DED-ADF7-4FA29B7578F7",
                     versionEndExcluding: "10.15.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2DA1C24E-B74D-4C8C-931D-AE35BFB4F0CC",
                     versionEndExcluding: "10.13.6",
                     versionStartIncluding: "10.13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E76BECE-0843-4B9F-90DE-7690764701B0",
                     versionEndExcluding: "10.14.6",
                     versionStartIncluding: "10.14.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "297D2D0C-EA9D-4B2C-9357-D88DB6C7143A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*",
                     matchCriteriaId: "0D845143-1B4D-478B-B83E-8F1664CBCAC3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*",
                     matchCriteriaId: "23C6DF6A-9A30-4F9E-BD9C-C19D8551C6DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*",
                     matchCriteriaId: "754A2DF4-8724-4448-A2AB-AC5442029CB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*",
                     matchCriteriaId: "D392C777-1949-4920-B459-D083228E4688",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*",
                     matchCriteriaId: "68B0A232-F2A4-4B87-99EB-3A532DFA87DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*",
                     matchCriteriaId: "0DF528F7-0F1E-4E55-A088-91327E3C360C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*",
                     matchCriteriaId: "E222445A-D398-47C8-9639-4BAE36B69AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*",
                     matchCriteriaId: "9425DAC8-038D-4B09-A074-3780AED912FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*",
                     matchCriteriaId: "8EA63C1C-1EEC-4961-A7B7-439D21293B99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*",
                     matchCriteriaId: "B2F5D631-2306-4526-BEE5-22456D95ABAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*",
                     matchCriteriaId: "F79B7361-F2F2-4FA6-A27D-CC8F2D37A726",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-003:*:*:*:*:*:*",
                     matchCriteriaId: "09FA5087-C576-483F-B660-F9D155933CC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:supplemental_update:*:*:*:*:*:*",
                     matchCriteriaId: "4F7E284D-75F5-43E8-ABD4-13DD4F3945F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
                     matchCriteriaId: "CFE26ECC-A2C2-4501-9950-510DE0E1BD86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
                     matchCriteriaId: "26108BEF-0847-4AB0-BD98-35344DFA7835",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*",
                     matchCriteriaId: "A369D48B-6A0A-47AE-9513-D5E2E6F30931",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*",
                     matchCriteriaId: "510F8317-94DA-498E-927A-83D5F41AF54A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*",
                     matchCriteriaId: "0D5D1970-6D2A-42CA-A203-42023D71730D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*",
                     matchCriteriaId: "C68AE52B-5139-40A4-AE9A-E752DBF07D1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
                     matchCriteriaId: "0FD3467D-7679-479F-9C0B-A93F7CD0929D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
                     matchCriteriaId: "D4C6098E-EDBD-4A85-8282-B2E9D9333872",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
                     matchCriteriaId: "518BB47B-DD76-4E8C-9F10-7EBC1E146191",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*",
                     matchCriteriaId: "2C88BD98-46F5-447F-963A-FB9B167E31BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*",
                     matchCriteriaId: "C7A0615B-D958-4BBF-B53F-AA839A0FE845",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "888463CA-9C67-46B2-B197-DDD3A668F980",
                     versionEndExcluding: "13.4.8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "494FA012-A268-42FC-B023-2A10817B1096",
                     versionEndExcluding: "6.2.8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.",
      },
      {
         lang: "es",
         value: "Se detectó un problema en OpenEXR versiones anteriores a 2.4.1. Se presenta una lectura fuera de límites en el archivo ImfOptimizedPixelReading.h.",
      },
   ],
   id: "CVE-2020-11758",
   lastModified: "2024-11-21T04:58:32.430",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-14T23:15:12.167",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211288",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211289",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211290",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211291",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211293",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211294",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211295",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4339-1/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211288",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211289",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211290",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211291",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211293",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211294",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211295",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4339-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-14 23:15
Modified
2024-11-21 04:58
Summary
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.
References
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html | Mailing List, Third Party Advisory
cve@mitre.org | https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 | Exploit, Third Party Advisory
cve@mitre.org | https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 | Release Notes, Third Party Advisory
cve@mitre.org | https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 | Release Notes, Third Party Advisory
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html | Mailing List, Third Party Advisory
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/
cve@mitre.org | https://security.gentoo.org/glsa/202107-27 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211288 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211289 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211290 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211291 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211293 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211294 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211295 | Third Party Advisory
cve@mitre.org | https://usn.ubuntu.com/4339-1/ | Third Party Advisory
cve@mitre.org | https://www.debian.org/security/2020/dsa-4755 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 | Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 | Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 | Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-27 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211288 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211289 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211290 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211291 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211293 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211294 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211295 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4339-1/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4755 | Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "57A8F73B-345B-48BD-8D9B-92AD24033265",
                     versionEndExcluding: "2.4.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                     matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "5B3BB46F-F586-4A2B-91C6-4D3AA226B478",
                     versionEndExcluding: "7.20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "5DBDFC69-1F0F-40E9-833E-FBFB92DF0541",
                     versionEndExcluding: "11.3",
                     versionStartIncluding: "10.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B626717E-0DED-4C76-B92D-D58AB27EED01",
                     versionEndExcluding: "12.10.8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "87D68071-5235-4B50-90F0-B55B0C668840",
                     versionEndExcluding: "13.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0639A5DE-4A59-4F10-A0E7-F6B933E44D47",
                     versionEndExcluding: "13.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD0ACF42-C643-4DED-ADF7-4FA29B7578F7",
                     versionEndExcluding: "10.15.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2DA1C24E-B74D-4C8C-931D-AE35BFB4F0CC",
                     versionEndExcluding: "10.13.6",
                     versionStartIncluding: "10.13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E76BECE-0843-4B9F-90DE-7690764701B0",
                     versionEndExcluding: "10.14.6",
                     versionStartIncluding: "10.14.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "297D2D0C-EA9D-4B2C-9357-D88DB6C7143A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*",
                     matchCriteriaId: "0D845143-1B4D-478B-B83E-8F1664CBCAC3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*",
                     matchCriteriaId: "23C6DF6A-9A30-4F9E-BD9C-C19D8551C6DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*",
                     matchCriteriaId: "754A2DF4-8724-4448-A2AB-AC5442029CB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*",
                     matchCriteriaId: "D392C777-1949-4920-B459-D083228E4688",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*",
                     matchCriteriaId: "68B0A232-F2A4-4B87-99EB-3A532DFA87DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*",
                     matchCriteriaId: "0DF528F7-0F1E-4E55-A088-91327E3C360C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*",
                     matchCriteriaId: "E222445A-D398-47C8-9639-4BAE36B69AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*",
                     matchCriteriaId: "9425DAC8-038D-4B09-A074-3780AED912FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*",
                     matchCriteriaId: "8EA63C1C-1EEC-4961-A7B7-439D21293B99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*",
                     matchCriteriaId: "B2F5D631-2306-4526-BEE5-22456D95ABAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*",
                     matchCriteriaId: "F79B7361-F2F2-4FA6-A27D-CC8F2D37A726",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-003:*:*:*:*:*:*",
                     matchCriteriaId: "09FA5087-C576-483F-B660-F9D155933CC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
                     matchCriteriaId: "CFE26ECC-A2C2-4501-9950-510DE0E1BD86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
                     matchCriteriaId: "26108BEF-0847-4AB0-BD98-35344DFA7835",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*",
                     matchCriteriaId: "A369D48B-6A0A-47AE-9513-D5E2E6F30931",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*",
                     matchCriteriaId: "510F8317-94DA-498E-927A-83D5F41AF54A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*",
                     matchCriteriaId: "0D5D1970-6D2A-42CA-A203-42023D71730D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*",
                     matchCriteriaId: "C68AE52B-5139-40A4-AE9A-E752DBF07D1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
                     matchCriteriaId: "0FD3467D-7679-479F-9C0B-A93F7CD0929D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
                     matchCriteriaId: "D4C6098E-EDBD-4A85-8282-B2E9D9333872",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
                     matchCriteriaId: "518BB47B-DD76-4E8C-9F10-7EBC1E146191",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "888463CA-9C67-46B2-B197-DDD3A668F980",
                     versionEndExcluding: "13.4.8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "494FA012-A268-42FC-B023-2A10817B1096",
                     versionEndExcluding: "6.2.8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.",
      },
      {
         lang: "es",
         value: "Se detectó un problema en OpenEXR versiones anteriores a 2.4.1. Se presenta una lectura fuera de límites durante la descompresión de Huffman, como es demostrado por la función FastHufDecoder::refill en el archivo ImfFastHuf.cpp.",
      },
   ],
   id: "CVE-2020-11761",
   lastModified: "2024-11-21T04:58:33.050",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-14T23:15:12.327",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211288",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211289",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211290",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211291",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211293",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211294",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211295",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4339-1/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211288",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211289",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211290",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211291",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211293",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211294",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211295",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4339-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-05-21 18:29
Modified
2024-11-21 03:35
Summary
In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.
Impacted products
Vendor Product Version
openexr openexr 2.2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCA193BE-2354-4F9E-8415-F743BAAFEA2C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.",
      },
      {
         lang: "es",
         value: "En la versión 2.2.0 de OpenEXR, una lectura inválida de tamaño 1 en la función refill en ImfFastHuf.cpp podría provocar el cierre inesperado de la aplicación.",
      },
   ],
   id: "CVE-2017-9114",
   lastModified: "2024-11-21T03:35:21.170",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-05-21T18:29:00.407",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/openexr/openexr/issues/232",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/openexr/openexr/pull/233",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openexr/openexr/issues/232",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openexr/openexr/pull/233",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-02-01 19:15
Modified
2024-11-21 08:42
Severity ?
Summary
Due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, the Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.
Impacted products
Vendor Product Version
openexr openexr *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "95B42B05-2815-4CB0-99A1-B19F587AA13C",
                     versionEndIncluding: "3.2.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.\n",
      },
      {
         lang: "es",
         value: "Debido a un fallo en la validación del número de muestras de líneas de escaneo de un archivo OpenEXR que contiene datos de líneas de escaneo profundas, la librería de análisis de imágenes Academy Software Foundation OpenEX versión 3.2.1 y anteriores es susceptible a una vulnerabilidad de desbordamiento de búfer en la región Heap de la memoria.",
      },
   ],
   id: "CVE-2023-5841",
   lastModified: "2024-11-21T08:42:36.563",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 9.1,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-02-01T19:15:08.097",
   references: [
      {
         source: "cve@takeonme.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/",
      },
      {
         source: "cve@takeonme.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/",
      },
      {
         source: "cve@takeonme.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://takeonme.org/cves/CVE-2023-5841.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://takeonme.org/cves/CVE-2023-5841.html",
      },
   ],
   sourceIdentifier: "cve@takeonme.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-122",
            },
         ],
         source: "cve@takeonme.org",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-06-26 01:15
Modified
2024-11-21 05:05
Summary
An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.
References
cve@mitre.org — http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html — Third Party Advisory
cve@mitre.org — http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html — Third Party Advisory
cve@mitre.org — https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md — Release Notes, Third Party Advisory
cve@mitre.org — https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md — Third Party Advisory
cve@mitre.org — https://github.com/AcademySoftwareFoundation/openexr/pull/727 — Third Party Advisory
cve@mitre.org — https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2 — Release Notes, Third Party Advisory
cve@mitre.org — https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/
cve@mitre.org — https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/
cve@mitre.org — https://security.gentoo.org/glsa/202107-27 — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md — Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://github.com/AcademySoftwareFoundation/openexr/pull/727 — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2 — Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/
af854a3a-2127-422b-91ae-364da2661108 — https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/
af854a3a-2127-422b-91ae-364da2661108 — https://security.gentoo.org/glsa/202107-27 — Third Party Advisory
Impacted products
Vendor Product Version
openexr openexr *
fedoraproject fedora 31
fedoraproject fedora 32
opensuse leap 15.1
opensuse leap 15.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4454FB27-4F36-41F1-AB07-5601534FB726",
                     versionEndExcluding: "2.5.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.",
      },
      {
         lang: "es",
         value: "Se detectó un problema en OpenEXR versiones anteriores a v2.5.2. Un archivo de entrada de mosaico no válido podría provocar un acceso de la memoria no válido en la función TiledInputFile::TiledInputFile() en el archivo IlmImf/ImfTiledInputFile.cpp, como es demostrado por una desreferencia del puntero NULL",
      },
   ],
   id: "CVE-2020-15304",
   lastModified: "2024-11-21T05:05:17.013",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 2.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-26T01:15:10.400",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/pull/727",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/pull/727",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-476",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-10-03 01:29
Modified
2024-11-21 03:13
Summary
Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid; the record is tagged "disputed".
Impacted products
Vendor Product Version
openexr openexr 2.2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCA193BE-2354-4F9E-8415-F743BAAFEA2C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [
      {
         sourceIdentifier: "cve@mitre.org",
         tags: [
            "disputed",
         ],
      },
   ],
   descriptions: [
      {
         lang: "en",
         value: "Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid",
      },
      {
         lang: "es",
         value: "** EN DISPUTA ** Header::readfrom en IlmImf/ImfHeader.cpp en OpenEXR 2.2.0 permite que los atacantes remotos provoquen una denegación de servicio (asignación de memoria excesiva) mediante un archivo manipulado al que se puede acceder con la función ImfOpenInputFile en IlmImf/ImfCRgbaFile.cpp. NOTA: El mantenedor de software y varios terceros creen que esta vulnerabilidad no es válida.",
      },
   ],
   id: "CVE-2017-14988",
   lastModified: "2024-11-21T03:13:54.137",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-10-03T01:29:02.903",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00063.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/openexr/openexr/issues/248",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00063.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/openexr/openexr/issues/248",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-08-23 16:15
Modified
2024-11-21 05:46
Summary
A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.
References
Impacted products
Vendor Product Version
openexr openexr *
debian debian_linux 10.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AA57D0D-80D4-442D-8686-698527811EA4",
                     versionEndIncluding: "2.5.7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.",
      },
      {
         lang: "es",
         value: "Se ha encontrado un fallo en B44Compressor de OpenEXR. Este fallo permite a un atacante que puede enviar un archivo diseñado para ser procesado por OpenEXR, agotar toda la memoria accesible a la aplicación. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema.",
      },
   ],
   id: "CVE-2021-20298",
   lastModified: "2024-11-21T05:46:18.500",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-08-23T16:15:09.020",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2021-20298",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25913",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939156",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/commit/85fd638ae0d5fa132434f4cbf32590261c1dba97",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/pull/843",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2021-20298",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25913",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939156",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/commit/85fd638ae0d5fa132434f4cbf32590261c1dba97",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/pull/843",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-12-09 21:15
Modified
2024-11-21 05:07
Summary
A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.
Impacted products
Vendor Product Version
openexr openexr 2.3.0
debian debian_linux 9.0
debian debian_linux 10.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:2.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "211E2557-6796-4695-AE6C-80D0C537B2D9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.",
      },
      {
         lang: "es",
         value: "Se presenta una vulnerabilidad de desbordamiento del búfer en la región heap de la memoria en Academy Software Foundation OpenEXR versión 2.3.0 en la función chunkOffsetReconstruction en el archivo ImfMultiPartInputFile.cpp que puede causar una denegación de servicio por medio de un archivo EXR diseñado",
      },
   ],
   id: "CVE-2020-16587",
   lastModified: "2024-11-21T05:07:09.867",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-12-09T21:15:14.850",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/commit/8b5370c688a7362673c3a5256d93695617a4cd9a",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/issues/491",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/commit/8b5370c688a7362673c3a5256d93695617a4cd9a",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/issues/491",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-05-21 18:29
Modified
2024-11-21 03:35
Summary
In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.
Impacted products
Vendor Product Version
openexr openexr 2.2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCA193BE-2354-4F9E-8415-F743BAAFEA2C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.",
      },
      {
         lang: "es",
         value: "En OpenEXR una lectura inválida de tamaño 2 en la función hufDecode en ImfHuf.cpp podría provocar el cierre inesperado de la aplicación.",
      },
   ],
   id: "CVE-2017-9110",
   lastModified: "2024-11-21T03:35:20.530",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-05-21T18:29:00.253",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/openexr/openexr/issues/232",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/openexr/openexr/pull/233",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://usn.ubuntu.com/4148-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openexr/openexr/issues/232",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openexr/openexr/pull/233",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://usn.ubuntu.com/4148-1/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-06-26 01:15
Modified
2024-11-21 05:05
Summary
An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.
References
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html Third Party Advisory
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html Third Party Advisory
cve@mitre.org https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md Release Notes, Third Party Advisory
cve@mitre.org https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md Third Party Advisory
cve@mitre.org https://github.com/AcademySoftwareFoundation/openexr/pull/730 Third Party Advisory
cve@mitre.org https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2 Release Notes, Third Party Advisory
cve@mitre.org https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html Third Party Advisory
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/
cve@mitre.org https://security.gentoo.org/glsa/202107-27 Third Party Advisory
cve@mitre.org https://usn.ubuntu.com/4418-1/ Third Party Advisory
cve@mitre.org https://www.debian.org/security/2020/dsa-4755 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/AcademySoftwareFoundation/openexr/pull/730 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2 Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/202107-27 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://usn.ubuntu.com/4418-1/ Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2020/dsa-4755 Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4454FB27-4F36-41F1-AB07-5601534FB726",
                     versionEndExcluding: "2.5.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                     matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.",
      },
      {
         lang: "es",
         value: "Se detectó un problema en OpenEXR versiones anteriores a v2.5.2. La entrada no válida podría causar un uso de la memoria previamente liberada de la función DeepScanLineInputFile::DeepScanLineInputFile() en el archivo IlmImf/ImfDeepScanLineInputFile.cpp",
      },
   ],
   id: "CVE-2020-15305",
   lastModified: "2024-11-21T05:05:17.200",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 2.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-26T01:15:10.480",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/pull/730",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4418-1/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/pull/730",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4418-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-416",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-05-21 18:29
Modified
2024-11-21 03:35
Summary
In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.
References
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html
cve@mitre.org | http://www.openwall.com/lists/oss-security/2017/05/12/5 | Third Party Advisory
cve@mitre.org | https://github.com/openexr/openexr/issues/232
cve@mitre.org | https://github.com/openexr/openexr/pull/233
cve@mitre.org | https://github.com/openexr/openexr/releases/tag/v2.2.1
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html
cve@mitre.org | https://usn.ubuntu.com/4148-1/
cve@mitre.org | https://usn.ubuntu.com/4339-1/
cve@mitre.org | https://www.debian.org/security/2020/dsa-4755
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/05/12/5 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openexr/openexr/issues/232
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openexr/openexr/pull/233
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openexr/openexr/releases/tag/v2.2.1
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4148-1/
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4339-1/
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4755
Impacted products
Vendor Product Version
openexr openexr 2.2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCA193BE-2354-4F9E-8415-F743BAAFEA2C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.",
      },
      {
         lang: "es",
         value: "En OpenEXR 2.2.0 una escritura inválida de tamaño 1 en la función bufferedReadPixels en el archivo ImfInputFile.cpp podría provocar el cierre inesperado de una aplicación o ejecutar código arbitrario.",
      },
   ],
   id: "CVE-2017-9113",
   lastModified: "2024-11-21T03:35:21.013",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-05-21T18:29:00.377",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/openexr/openexr/issues/232",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/openexr/openexr/pull/233",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://usn.ubuntu.com/4148-1/",
      },
      {
         source: "cve@mitre.org",
         url: "https://usn.ubuntu.com/4339-1/",
      },
      {
         source: "cve@mitre.org",
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openexr/openexr/issues/232",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openexr/openexr/pull/233",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://usn.ubuntu.com/4148-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://usn.ubuntu.com/4339-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-07-06 15:15
Modified
2024-11-21 06:21
Summary
There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
Impacted products
Vendor Product Version
openexr openexr *
redhat enterprise_linux 8.0
debian debian_linux 10.0
debian debian_linux 11.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3ABB16C1-2774-41B5-BA28-28A00DFFD4F4",
                     versionEndExcluding: "3.0.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.",
      },
      {
         lang: "es",
         value: "Se presenta un fallo en la funcionalidad ImfDeepScanLineInputFile de OpenEXR en versiones anteriores a 3.0.5. Un atacante que sea capaz de enviar un archivo diseñado a una aplicación enlazada con OpenEXR podría causar una lectura fuera de límites. El mayor riesgo de este fallo es la disponibilidad de la aplicación",
      },
   ],
   id: "CVE-2021-3598",
   lastModified: "2024-11-21T06:21:56.233",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 2.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-07-06T15:15:07.800",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1970987",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202210-31",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5299",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1970987",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202210-31",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5299",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-14 23:15
Modified
2024-11-21 04:58
Summary
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
References
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html | Mailing List, Third Party Advisory
cve@mitre.org | https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 | Exploit, Third Party Advisory
cve@mitre.org | https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 | Release Notes, Third Party Advisory
cve@mitre.org | https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 | Release Notes, Third Party Advisory
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html | Mailing List, Third Party Advisory
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/
cve@mitre.org | https://security.gentoo.org/glsa/202107-27 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211288 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211289 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211290 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211291 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211293 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211294 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211295 | Third Party Advisory
cve@mitre.org | https://usn.ubuntu.com/4339-1/ | Third Party Advisory
cve@mitre.org | https://www.debian.org/security/2020/dsa-4755 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 | Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 | Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 | Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-27 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211288 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211289 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211290 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211291 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211293 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211294 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211295 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4339-1/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4755 | Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "57A8F73B-345B-48BD-8D9B-92AD24033265",
                     versionEndExcluding: "2.4.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                     matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "5B3BB46F-F586-4A2B-91C6-4D3AA226B478",
                     versionEndExcluding: "7.20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "5DBDFC69-1F0F-40E9-833E-FBFB92DF0541",
                     versionEndExcluding: "11.3",
                     versionStartIncluding: "10.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B626717E-0DED-4C76-B92D-D58AB27EED01",
                     versionEndExcluding: "12.10.8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "87D68071-5235-4B50-90F0-B55B0C668840",
                     versionEndExcluding: "13.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0639A5DE-4A59-4F10-A0E7-F6B933E44D47",
                     versionEndExcluding: "13.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2DA1C24E-B74D-4C8C-931D-AE35BFB4F0CC",
                     versionEndExcluding: "10.13.6",
                     versionStartIncluding: "10.13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E76BECE-0843-4B9F-90DE-7690764701B0",
                     versionEndExcluding: "10.14.6",
                     versionStartIncluding: "10.14.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4B5F6281-877C-491C-9C4A-C28C604FB422",
                     versionEndExcluding: "10.15.6",
                     versionStartIncluding: "10.15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "297D2D0C-EA9D-4B2C-9357-D88DB6C7143A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*",
                     matchCriteriaId: "0D845143-1B4D-478B-B83E-8F1664CBCAC3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*",
                     matchCriteriaId: "23C6DF6A-9A30-4F9E-BD9C-C19D8551C6DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*",
                     matchCriteriaId: "754A2DF4-8724-4448-A2AB-AC5442029CB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*",
                     matchCriteriaId: "D392C777-1949-4920-B459-D083228E4688",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*",
                     matchCriteriaId: "68B0A232-F2A4-4B87-99EB-3A532DFA87DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*",
                     matchCriteriaId: "0DF528F7-0F1E-4E55-A088-91327E3C360C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*",
                     matchCriteriaId: "E222445A-D398-47C8-9639-4BAE36B69AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*",
                     matchCriteriaId: "9425DAC8-038D-4B09-A074-3780AED912FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*",
                     matchCriteriaId: "8EA63C1C-1EEC-4961-A7B7-439D21293B99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*",
                     matchCriteriaId: "B2F5D631-2306-4526-BEE5-22456D95ABAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*",
                     matchCriteriaId: "F79B7361-F2F2-4FA6-A27D-CC8F2D37A726",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-003:*:*:*:*:*:*",
                     matchCriteriaId: "09FA5087-C576-483F-B660-F9D155933CC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
                     matchCriteriaId: "CFE26ECC-A2C2-4501-9950-510DE0E1BD86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
                     matchCriteriaId: "26108BEF-0847-4AB0-BD98-35344DFA7835",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*",
                     matchCriteriaId: "A369D48B-6A0A-47AE-9513-D5E2E6F30931",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*",
                     matchCriteriaId: "510F8317-94DA-498E-927A-83D5F41AF54A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*",
                     matchCriteriaId: "0D5D1970-6D2A-42CA-A203-42023D71730D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*",
                     matchCriteriaId: "C68AE52B-5139-40A4-AE9A-E752DBF07D1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
                     matchCriteriaId: "0FD3467D-7679-479F-9C0B-A93F7CD0929D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
                     matchCriteriaId: "D4C6098E-EDBD-4A85-8282-B2E9D9333872",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
                     matchCriteriaId: "518BB47B-DD76-4E8C-9F10-7EBC1E146191",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "888463CA-9C67-46B2-B197-DDD3A668F980",
                     versionEndExcluding: "13.4.8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "494FA012-A268-42FC-B023-2A10817B1096",
                     versionEndExcluding: "6.2.8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.",
      },
      {
         lang: "es",
         value: "Se detectó un problema en OpenEXR versiones anteriores a 2.4.1. Se presenta una escritura fuera de límites en la función copyIntoFrameBuffer en el archivo ImfMisc.cpp.",
      },
   ],
   id: "CVE-2020-11764",
   lastModified: "2024-11-21T04:58:33.673",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-14T23:15:12.480",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211288",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211289",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211290",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211291",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211293",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211294",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211295",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4339-1/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211288",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211289",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211290",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211291",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211293",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211294",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211295",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4339-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-03-16 15:15
Modified
2024-11-21 05:46
Summary
A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.
Impacted products
Vendor Product Version
openexr openexr *
debian debian_linux 10.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A41E435-16D4-4706-B45A-0AB56664C6EF",
                     versionEndExcluding: "2.5.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.",
      },
      {
         lang: "es",
         value: "Se ha encontrado un fallo en la funcionalidad Multipart input file de OpenEXR. Un archivo de entrada multiparte diseñado sin partes reales puede desencadenar una desreferencia de puntero NULL. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema",
      },
   ],
   id: "CVE-2021-20299",
   lastModified: "2024-11-21T05:46:18.630",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-03-16T15:15:10.043",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25740",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939154",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/commit/25e9515b06a6bc293d871622b8cafaee7af84e0f",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25740",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939154",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/commit/25e9515b06a6bc293d871622b8cafaee7af84e0f",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-476",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-476",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-03-30 18:15
Modified
2024-11-21 06:21
Summary
There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.
Impacted products
Vendor Product Version
openexr openexr *
openexr openexr *
debian debian_linux 9.0
debian debian_linux 10.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "12541242-6F4A-457C-B0D3-B97C75F79627",
                     versionEndExcluding: "2.4.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3540D6CF-36A9-4FE9-9D0D-C3263DE61E62",
                     versionEndExcluding: "2.5.4",
                     versionStartIncluding: "2.5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.",
      },
      {
         lang: "es",
         value: "Se presenta un fallo en OpenEXR en versiones anteriores a 3.0.0-beta. Un archivo de entrada diseñado que es procesado por OpenEXR podría causar un desbordamiento de cambios en FastHufDecoder, lo que podría generar problemas con la disponibilidad de la aplicación.",
      },
   ],
   id: "CVE-2021-3474",
   lastModified: "2024-11-21T06:21:37.787",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-03-30T18:15:17.933",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939142",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939142",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-07-31 19:00
Modified
2024-11-21 01:03
Severity ?
Summary
Heap-based buffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
References
cve@mitre.org http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
cve@mitre.org http://secunia.com/advisories/36032 Vendor Advisory
cve@mitre.org http://secunia.com/advisories/36096
cve@mitre.org http://secunia.com/advisories/36753
cve@mitre.org http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz Patch
cve@mitre.org http://support.apple.com/kb/HT3757
cve@mitre.org http://www.debian.org/security/2009/dsa-1842 Patch
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDVSA-2009:191
cve@mitre.org http://www.securityfocus.com/bid/35838 Patch
cve@mitre.org http://www.securitytracker.com/id?1022674
cve@mitre.org http://www.ubuntu.com/usn/USN-831-1
cve@mitre.org http://www.us-cert.gov/cas/techalerts/TA09-218A.html US Government Resource
cve@mitre.org http://www.vupen.com/english/advisories/2009/2035 Vendor Advisory
cve@mitre.org http://www.vupen.com/english/advisories/2009/2172
cve@mitre.org https://github.com/openexr/openexr/blob/master/CHANGES.md#version-170-july-23-2010
af854a3a-2127-422b-91ae-364da2661108 http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/36032 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/36096
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/36753
af854a3a-2127-422b-91ae-364da2661108 http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz Patch
af854a3a-2127-422b-91ae-364da2661108 http://support.apple.com/kb/HT3757
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2009/dsa-1842 Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2009:191
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/35838 Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1022674
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-831-1
af854a3a-2127-422b-91ae-364da2661108 http://www.us-cert.gov/cas/techalerts/TA09-218A.html US Government Resource
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2009/2035 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2009/2172
af854a3a-2127-422b-91ae-364da2661108 https://github.com/openexr/openexr/blob/master/CHANGES.md#version-170-july-23-2010
Impacted products
Vendor Product Version
openexr openexr 1.2.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:1.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7D0003E3-C50B-4C46-8A24-A874A5C137E1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Heap-based buffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.",
      },
      {
         lang: "es",
         value: "Un desbordamiento de búfer en la región heap de la memoria en la implementación de compresión en OpenEXR versión 1.2.2, permite a los atacantes dependiendo del contexto causar una denegación de servicio (bloqueo de aplicación) o posiblemente ejecutar código arbitrario por medio de vectores no especificados.",
      },
   ],
   id: "CVE-2009-1722",
   lastModified: "2024-11-21T01:03:11.877",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2009-07-31T19:00:01.127",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36032",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/36096",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/36753",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz",
      },
      {
         source: "cve@mitre.org",
         url: "http://support.apple.com/kb/HT3757",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.debian.org/security/2009/dsa-1842",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:191",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/35838",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id?1022674",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ubuntu.com/usn/USN-831-1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA09-218A.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/2035",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2009/2172",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/openexr/openexr/blob/master/CHANGES.md#version-170-july-23-2010",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36032",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/36096",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/36753",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://support.apple.com/kb/HT3757",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.debian.org/security/2009/dsa-1842",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:191",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/35838",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1022674",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-831-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA09-218A.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/2035",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2009/2172",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openexr/openexr/blob/master/CHANGES.md#version-170-july-23-2010",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-07-31 19:00
Modified
2024-11-21 01:03
Severity ?
Summary
The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.
References
cve@mitre.org | http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html | Mailing List
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html | Mailing List
cve@mitre.org | http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff | Broken Link, Patch
cve@mitre.org | http://secunia.com/advisories/36030 | Broken Link, Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/36032 | Broken Link, Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/36096 | Broken Link
cve@mitre.org | http://secunia.com/advisories/36123 | Broken Link
cve@mitre.org | http://secunia.com/advisories/36753 | Broken Link
cve@mitre.org | http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz | Broken Link, Patch
cve@mitre.org | http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz | Broken Link, Patch
cve@mitre.org | http://support.apple.com/kb/HT3757 | Third Party Advisory
cve@mitre.org | http://www.debian.org/security/2009/dsa-1842 | Mailing List
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2009:190 | Broken Link
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2009:191 | Broken Link
cve@mitre.org | http://www.securityfocus.com/bid/35838 | Broken Link, Patch, Third Party Advisory, VDB Entry
cve@mitre.org | http://www.securitytracker.com/id?1022674 | Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org | http://www.ubuntu.com/usn/USN-831-1 | Third Party Advisory
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA09-218A.html | Third Party Advisory, US Government Resource
cve@mitre.org | http://www.vupen.com/english/advisories/2009/2035 | Broken Link, Vendor Advisory
cve@mitre.org | http://www.vupen.com/english/advisories/2009/2172 | Broken Link
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html | Mailing List
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html | Mailing List
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html | Mailing List
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html | Mailing List
af854a3a-2127-422b-91ae-364da2661108 | http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff | Broken Link, Patch
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36030 | Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36032 | Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36096 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36123 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36753 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz | Broken Link, Patch
af854a3a-2127-422b-91ae-364da2661108 | http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz | Broken Link, Patch
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT3757 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1842 | Mailing List
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:190 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:191 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/35838 | Broken Link, Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022674 | Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-831-1 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA09-218A.html | Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2035 | Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2172 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html | Mailing List
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html | Mailing List



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:1.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7D0003E3-C50B-4C46-8A24-A874A5C137E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:1.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "763A3838-4D7D-4221-963C-8A58560A03F6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:opensuse:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "33910C38-56F2-4D36-BBA3-C88E163704B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C35B68DF-1440-4587-8458-9C5F4D1E43F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B42AB65-443B-4655-BAEA-4EB4A43D9509",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "80C038E4-C24D-45E9-8287-C205C0C07809",
                     versionEndExcluding: "10.5.8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8C757774-08E7-40AA-B532-6F705C8F7639",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0507E91-567A-41D6-A7E5-5088A39F75FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "4747CC68-FAF4-482F-929A-9DA6C24CB663",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*",
                     matchCriteriaId: "7000D33B-F3C7-43E8-8FC7-9B97AADC3E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3BB5EDB-520B-4DEF-B06E-65CA13152824",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.",
      },
      {
         lang: "es",
         value: "La implementación de la descompresión en la función Imf::hufUncompress en OpenEXR v1.2.2 y v1.6.1 permite a los atacantes dependientes del contexto provocar una denegación de servicio (finalización de la aplicación) o posiblemente ejecutar código de su elección mediante vectores que provocan la liberación de un puntero no inicializado.",
      },
   ],
   id: "CVE-2009-1721",
   lastModified: "2024-11-21T01:03:11.703",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2009-07-31T19:00:01.093",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Patch",
         ],
         url: "http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36030",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36032",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://secunia.com/advisories/36096",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://secunia.com/advisories/36123",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://secunia.com/advisories/36753",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Patch",
         ],
         url: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Patch",
         ],
         url: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://support.apple.com/kb/HT3757",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "http://www.debian.org/security/2009/dsa-1842",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:190",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:191",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Patch",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/35838",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1022674",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ubuntu.com/usn/USN-831-1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA09-218A.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/2035",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://www.vupen.com/english/advisories/2009/2172",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Patch",
         ],
         url: "http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36030",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36032",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://secunia.com/advisories/36096",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://secunia.com/advisories/36123",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://secunia.com/advisories/36753",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Patch",
         ],
         url: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Patch",
         ],
         url: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://support.apple.com/kb/HT3757",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "http://www.debian.org/security/2009/dsa-1842",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:190",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:191",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Patch",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/35838",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1022674",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ubuntu.com/usn/USN-831-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA09-218A.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/2035",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.vupen.com/english/advisories/2009/2172",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-824",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-03-31 14:15
Modified
2024-11-21 06:21
Summary
There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.
Impacted products
Vendor Product Version
openexr openexr *
openexr openexr *
debian debian_linux 9.0
debian debian_linux 10.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "12541242-6F4A-457C-B0D3-B97C75F79627",
                     versionEndExcluding: "2.4.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3540D6CF-36A9-4FE9-9D0D-C3263DE61E62",
                     versionEndExcluding: "2.5.4",
                     versionStartIncluding: "2.5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.",
      },
      {
         lang: "es",
         value: "Se presenta un fallo en la funcionalidad scanline input file de OpenEXR en versiones anteriores a 3.0.0-beta. Un atacante capaz de enviar un archivo diseñado para que sea procesado por OpenEXR podría consumir una cantidad excesiva de la memoria del sistema. El mayor impacto de este fallo es la disponibilidad del sistema.",
      },
   ],
   id: "CVE-2021-3478",
   lastModified: "2024-11-21T06:21:38.417",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-03-31T14:15:21.127",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27409",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939160",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27409",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939160",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-770",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-08-25 19:15
Modified
2024-11-21 06:21
Summary
There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
Impacted products
Vendor Product Version
openexr openexr *
redhat enterprise_linux 8.0
debian debian_linux 10.0
debian debian_linux 11.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3ABB16C1-2774-41B5-BA28-28A00DFFD4F4",
                     versionEndExcluding: "3.0.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.",
      },
      {
         lang: "es",
         value: "Se presenta un fallo en la funcionalidad rleUncompress de OpenEXR en versiones anteriores a 3.0.5. Un atacante que sea capaz de enviar un archivo diseñado a una aplicación enlazada con OpenEXR podría causar una lectura fuera de límites. El mayor riesgo de este fallo es la disponibilidad de la aplicación.",
      },
   ],
   id: "CVE-2021-3605",
   lastModified: "2024-11-21T06:21:57.633",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-08-25T19:15:14.757",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1970991",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202210-31",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5299",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1970991",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202210-31",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5299",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-03-04 18:15
Modified
2024-11-21 05:46
Summary
A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability.
Impacted products
Vendor Product Version
openexr openexr *
debian debian_linux 10.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A41E435-16D4-4706-B45A-0AB56664C6EF",
                     versionEndExcluding: "2.5.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability.",
      },
      {
         lang: "es",
         value: "Se ha encontrado un fallo en la funcionalidad hufUncompress de OpenEXR en el archivo OpenEXR/IlmImf/ImfHuf.cpp. Este fallo permite a un atacante que pueda enviar un archivo diseñado que sea procesado por OpenEXR desencadenar un desbordamiento de enteros. La mayor amenaza de esta vulnerabilidad es para la disponibilidad del sistema.",
      },
   ],
   id: "CVE-2021-20300",
   lastModified: "2024-11-21T05:46:18.760",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-03-04T18:15:07.867",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25562",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939153",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/pull/836",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25562",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939153",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/pull/836",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-07-31 19:00
Modified
2024-11-21 01:03
Severity ?
Summary
Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information.
References
cve@mitre.org http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html
cve@mitre.org http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff Patch
cve@mitre.org http://secunia.com/advisories/36030 Vendor Advisory
cve@mitre.org http://secunia.com/advisories/36032 Vendor Advisory
cve@mitre.org http://secunia.com/advisories/36096
cve@mitre.org http://secunia.com/advisories/36123
cve@mitre.org http://secunia.com/advisories/36753
cve@mitre.org http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz Patch
cve@mitre.org http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz Patch
cve@mitre.org http://support.apple.com/kb/HT3757
cve@mitre.org http://www.debian.org/security/2009/dsa-1842 Patch
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDVSA-2009:190
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDVSA-2009:191
cve@mitre.org http://www.securityfocus.com/bid/35838 Patch
cve@mitre.org http://www.securitytracker.com/id?1022674
cve@mitre.org http://www.ubuntu.com/usn/USN-831-1
cve@mitre.org http://www.us-cert.gov/cas/techalerts/TA09-218A.html US Government Resource
cve@mitre.org http://www.vupen.com/english/advisories/2009/2035 Vendor Advisory
cve@mitre.org http://www.vupen.com/english/advisories/2009/2172
cve@mitre.org https://github.com/openexr/openexr/blob/master/CHANGES.md#version-170-july-23-2010
cve@mitre.org https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html
cve@mitre.org https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html
af854a3a-2127-422b-91ae-364da2661108 http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff Patch
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/36030 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/36032 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/36096
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/36123
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/36753
af854a3a-2127-422b-91ae-364da2661108 http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz Patch
af854a3a-2127-422b-91ae-364da2661108 http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz Patch
af854a3a-2127-422b-91ae-364da2661108 http://support.apple.com/kb/HT3757
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2009/dsa-1842 Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2009:190
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2009:191
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/35838 Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1022674
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-831-1
af854a3a-2127-422b-91ae-364da2661108 http://www.us-cert.gov/cas/techalerts/TA09-218A.html US Government Resource
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2009/2035 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2009/2172
af854a3a-2127-422b-91ae-364da2661108 https://github.com/openexr/openexr/blob/master/CHANGES.md#version-170-july-23-2010
af854a3a-2127-422b-91ae-364da2661108 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html
af854a3a-2127-422b-91ae-364da2661108 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html
Impacted products
Vendor Product Version
openexr openexr 1.2.2
openexr openexr 1.6.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:1.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7D0003E3-C50B-4C46-8A24-A874A5C137E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:1.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "763A3838-4D7D-4221-963C-8A58560A03F6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors.  NOTE: some of these details are obtained from third party information.",
      },
      {
         lang: "es",
         value: "Múltiples desbordamientos de enteros en OpenEXR v1.2.2 y v1.6.1 permiten a atacantes dependientes del contexto provocar una denegación de servicio (finalización de la aplicación) o posiblemente ejecutar código de su elección mediante vectores no especificados que provocan desbordamientos de búfer basados en memoria dinámica, relacionados con (1) la función Imf::PreviewImage::PreviewImage y (2) los constructores de compresores. NOTA: algunos de estos detalles se han obtenido de información de terceros.",
      },
   ],
   id: "CVE-2009-1720",
   lastModified: "2024-11-21T01:03:11.540",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-07-31T19:00:01.030",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36030",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36032",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/36096",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/36123",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/36753",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz",
      },
      {
         source: "cve@mitre.org",
         url: "http://support.apple.com/kb/HT3757",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.debian.org/security/2009/dsa-1842",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:190",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:191",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/35838",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id?1022674",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ubuntu.com/usn/USN-831-1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA09-218A.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/2035",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2009/2172",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/openexr/openexr/blob/master/CHANGES.md#version-170-july-23-2010",
      },
      {
         source: "cve@mitre.org",
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36030",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36032",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/36096",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/36123",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/36753",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://support.apple.com/kb/HT3757",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.debian.org/security/2009/dsa-1842",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:190",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:191",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/35838",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1022674",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-831-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA09-218A.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/2035",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2009/2172",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openexr/openexr/blob/master/CHANGES.md#version-170-july-23-2010",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-189",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-06-08 12:15
Modified
2024-11-21 05:51
Summary
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "815B6F00-E704-4438-85B8-5B0E78B944D2",
                     versionEndExcluding: "3.0.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                     matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.",
      },
      {
         lang: "es",
         value: "Se ha encontrado un desbordamiento de enteros que conlleva un desbordamiento de búfer basado en memoria dinámica (heap) en el DwaCompressor de OpenEXR en versiones anteriores a 3.0.1. Un atacante podría usar este fallo para bloquear una aplicación compilada con OpenEXR.",
      },
   ],
   id: "CVE-2021-23215",
   lastModified: "2024-11-21T05:51:23.330",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-06-08T12:15:10.600",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1947586",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXFLD4ZAXKAIWO6ZPBCQEEDZB5IG676K/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5299",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1947586",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXFLD4ZAXKAIWO6ZPBCQEEDZB5IG676K/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5299",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-14 23:15
Modified
2024-11-21 04:58
Summary
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.
References
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html Mailing List, Third Party Advisory
cve@mitre.org https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 Exploit, Third Party Advisory
cve@mitre.org https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 Release Notes, Third Party Advisory
cve@mitre.org https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 Release Notes, Third Party Advisory
cve@mitre.org https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html Mailing List, Third Party Advisory
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/
cve@mitre.org https://security.gentoo.org/glsa/202107-27 Third Party Advisory
cve@mitre.org https://support.apple.com/kb/HT211288 Third Party Advisory
cve@mitre.org https://support.apple.com/kb/HT211289 Third Party Advisory
cve@mitre.org https://support.apple.com/kb/HT211290 Third Party Advisory
cve@mitre.org https://support.apple.com/kb/HT211291 Third Party Advisory
cve@mitre.org https://support.apple.com/kb/HT211293 Third Party Advisory
cve@mitre.org https://support.apple.com/kb/HT211294 Third Party Advisory
cve@mitre.org https://support.apple.com/kb/HT211295 Third Party Advisory
cve@mitre.org https://usn.ubuntu.com/4339-1/ Third Party Advisory
cve@mitre.org https://www.debian.org/security/2020/dsa-4755 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/202107-27 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://support.apple.com/kb/HT211288 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://support.apple.com/kb/HT211289 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://support.apple.com/kb/HT211290 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://support.apple.com/kb/HT211291 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://support.apple.com/kb/HT211293 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://support.apple.com/kb/HT211294 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://support.apple.com/kb/HT211295 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://usn.ubuntu.com/4339-1/ Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2020/dsa-4755 Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "57A8F73B-345B-48BD-8D9B-92AD24033265",
                     versionEndExcluding: "2.4.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                     matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "5B3BB46F-F586-4A2B-91C6-4D3AA226B478",
                     versionEndExcluding: "7.20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "5DBDFC69-1F0F-40E9-833E-FBFB92DF0541",
                     versionEndExcluding: "11.3",
                     versionStartIncluding: "10.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B626717E-0DED-4C76-B92D-D58AB27EED01",
                     versionEndExcluding: "12.10.8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "87D68071-5235-4B50-90F0-B55B0C668840",
                     versionEndExcluding: "13.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0639A5DE-4A59-4F10-A0E7-F6B933E44D47",
                     versionEndExcluding: "13.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD0ACF42-C643-4DED-ADF7-4FA29B7578F7",
                     versionEndExcluding: "10.15.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2DA1C24E-B74D-4C8C-931D-AE35BFB4F0CC",
                     versionEndExcluding: "10.13.6",
                     versionStartIncluding: "10.13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E76BECE-0843-4B9F-90DE-7690764701B0",
                     versionEndExcluding: "10.14.6",
                     versionStartIncluding: "10.14.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "297D2D0C-EA9D-4B2C-9357-D88DB6C7143A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*",
                     matchCriteriaId: "0D845143-1B4D-478B-B83E-8F1664CBCAC3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*",
                     matchCriteriaId: "23C6DF6A-9A30-4F9E-BD9C-C19D8551C6DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*",
                     matchCriteriaId: "754A2DF4-8724-4448-A2AB-AC5442029CB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*",
                     matchCriteriaId: "D392C777-1949-4920-B459-D083228E4688",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*",
                     matchCriteriaId: "68B0A232-F2A4-4B87-99EB-3A532DFA87DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*",
                     matchCriteriaId: "0DF528F7-0F1E-4E55-A088-91327E3C360C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*",
                     matchCriteriaId: "E222445A-D398-47C8-9639-4BAE36B69AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*",
                     matchCriteriaId: "9425DAC8-038D-4B09-A074-3780AED912FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*",
                     matchCriteriaId: "8EA63C1C-1EEC-4961-A7B7-439D21293B99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*",
                     matchCriteriaId: "B2F5D631-2306-4526-BEE5-22456D95ABAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*",
                     matchCriteriaId: "F79B7361-F2F2-4FA6-A27D-CC8F2D37A726",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-003:*:*:*:*:*:*",
                     matchCriteriaId: "09FA5087-C576-483F-B660-F9D155933CC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
                     matchCriteriaId: "CFE26ECC-A2C2-4501-9950-510DE0E1BD86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
                     matchCriteriaId: "26108BEF-0847-4AB0-BD98-35344DFA7835",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*",
                     matchCriteriaId: "A369D48B-6A0A-47AE-9513-D5E2E6F30931",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*",
                     matchCriteriaId: "510F8317-94DA-498E-927A-83D5F41AF54A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*",
                     matchCriteriaId: "0D5D1970-6D2A-42CA-A203-42023D71730D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*",
                     matchCriteriaId: "C68AE52B-5139-40A4-AE9A-E752DBF07D1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
                     matchCriteriaId: "0FD3467D-7679-479F-9C0B-A93F7CD0929D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
                     matchCriteriaId: "D4C6098E-EDBD-4A85-8282-B2E9D9333872",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
                     matchCriteriaId: "518BB47B-DD76-4E8C-9F10-7EBC1E146191",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "888463CA-9C67-46B2-B197-DDD3A668F980",
                     versionEndExcluding: "13.4.8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "494FA012-A268-42FC-B023-2A10817B1096",
                     versionEndExcluding: "6.2.8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.",
      },
      {
         lang: "es",
         value: "Se detectó un problema en OpenEXR versiones anteriores a 2.4.1. Se presenta una lectura y escritura fuera de límites en la función DwaCompressor::uncompress en el archivo ImfDwaCompressor.cpp cuando se maneja el caso de compresión UNKNOWN.",
      },
   ],
   id: "CVE-2020-11762",
   lastModified: "2024-11-21T04:58:33.270",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-14T23:15:12.387",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211288",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211289",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211290",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211291",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211293",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211294",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211295",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4339-1/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211288",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211289",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211290",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211291",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211293",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211294",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211295",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4339-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-03-04 18:15
Modified
2024-11-21 05:46
Summary
A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.
Impacted products
Vendor Product Version
openexr openexr *
debian debian_linux 10.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A41E435-16D4-4706-B45A-0AB56664C6EF",
                     versionEndExcluding: "2.5.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.",
      },
      {
         lang: "es",
         value: "Un fallo encontrado en la función dataWindowForTile() del archivo IlmImf/ImfTiledMisc.cpp. Un atacante que sea capaz de enviar un archivo diseñado para ser procesado por OpenEXR podría desencadenar un desbordamiento de enteros, conllevando a una escritura fuera de límites en la memoria dinámica (heap). El mayor impacto de esta falla es la disponibilidad de la aplicación, con algún impacto potencial en la integridad de los datos también",
      },
   ],
   id: "CVE-2021-20303",
   lastModified: "2024-11-21T05:46:19.017",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5.8,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 4.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-03-04T18:15:07.993",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939151",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/pull/831",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939151",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/pull/831",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-03-25 19:15
Modified
2024-11-21 06:22
Summary
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC6D9FE4-3265-4EF0-9A31-465814B9D4E0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                     matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.",
      },
      {
         lang: "es",
         value: "En la rutina RGBtoXYZ() del archivo ImfChromaticities.cpp, se presentan algunas operaciones de división como \"float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;\" y \"chroma.green.y * (X + Z)) / d;\" pero no es comprobado que el divisor tenga un valor 0. Un archivo especialmente diseñado podría desencadenar una condición de división por cero que podría afectar a la disponibilidad de los programas enlazados con OpenEXR",
      },
   ],
   id: "CVE-2021-3941",
   lastModified: "2024-11-21T06:22:49.330",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 2.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2,
            impactScore: 4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-03-25T19:15:09.307",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2019789",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202210-31",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5299",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2019789",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202210-31",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5299",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-369",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-369",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-06-26 01:15
Modified
2024-11-21 05:05
Summary
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.
References
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html | Third Party Advisory
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html | Third Party Advisory
cve@mitre.org | https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md | Release Notes, Third Party Advisory
cve@mitre.org | https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md | Third Party Advisory
cve@mitre.org | https://github.com/AcademySoftwareFoundation/openexr/pull/738 | Patch, Third Party Advisory
cve@mitre.org | https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2 | Release Notes, Third Party Advisory
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html | Third Party Advisory
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/
cve@mitre.org | https://security.gentoo.org/glsa/202107-27 | Third Party Advisory
cve@mitre.org | https://usn.ubuntu.com/4418-1/ | Third Party Advisory
cve@mitre.org | https://www.debian.org/security/2020/dsa-4755 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md | Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/AcademySoftwareFoundation/openexr/pull/738 | Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2 | Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-27 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4418-1/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4755 | Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4454FB27-4F36-41F1-AB07-5601534FB726",
                     versionEndExcluding: "2.5.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                     matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.",
      },
      {
         lang: "es",
         value: "Se detectó un problema en OpenEXR versiones anteriores a v2.5.2. Los atributos chunkCount no válidos pueden causar un desbordamiento del búfer del montículo (heap) en la función getChunkOffsetTableSize() en el archivo IlmImf/ImfMisc.cpp",
      },
   ],
   id: "CVE-2020-15306",
   lastModified: "2024-11-21T05:05:17.380",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 2.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-26T01:15:10.540",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/pull/738",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4418-1/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/pull/738",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4418-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-03-30 18:15
Modified
2024-11-21 06:21
Summary
A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.
Impacted products
Vendor Product Version
openexr openexr *
openexr openexr *
debian debian_linux 9.0
debian debian_linux 10.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "12541242-6F4A-457C-B0D3-B97C75F79627",
                     versionEndExcluding: "2.4.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3540D6CF-36A9-4FE9-9D0D-C3263DE61E62",
                     versionEndExcluding: "2.5.4",
                     versionStartIncluding: "2.5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.",
      },
      {
         lang: "es",
         value: "Se encontró un fallo en la funcionalidad uncompression B44 de OpenEXR en versiones anteriores a 3.0.0-beta. Un atacante que pueda enviar un archivo diseñado a OpenEXR podría desencadenar desbordamientos de desplazamiento (shift overflows), lo que podría afectar la disponibilidad de la aplicación.",
      },
   ],
   id: "CVE-2021-3476",
   lastModified: "2024-11-21T06:21:38.110",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-03-30T18:15:18.077",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24787",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939145",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24787",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939145",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-06-08 12:15
Modified
2024-11-21 05:51
Summary
A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.
Impacted products
Vendor Product Version
openexr openexr *
fedoraproject fedora 33
fedoraproject fedora 34



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "815B6F00-E704-4438-85B8-5B0E78B944D2",
                     versionEndExcluding: "3.0.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                     matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                     matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.",
      },
      {
         lang: "es",
         value: "Se encontró un desbordamiento del búfer del montículo (heap) en la función copyIntoFrameBuffer de OpenEXR en versiones anteriores a 3.0.1. Un atacante podría usar este fallo para ejecutar código arbitrario con los permisos del usuario que ejecuta la aplicación compilada con OpenEXR",
      },
   ],
   id: "CVE-2021-23169",
   lastModified: "2024-11-21T05:51:19.137",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-06-08T12:15:10.413",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1947612",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KYNJSMVA6YJY5NMKDZ5SAISKZG2KCKC/",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXFLD4ZAXKAIWO6ZPBCQEEDZB5IG676K/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202210-31",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1947612",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KYNJSMVA6YJY5NMKDZ5SAISKZG2KCKC/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXFLD4ZAXKAIWO6ZPBCQEEDZB5IG676K/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202210-31",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-14 23:15
Modified
2024-11-21 04:58
Summary
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.
References
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html | Mailing List, Third Party Advisory
cve@mitre.org | https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 | Exploit, Third Party Advisory
cve@mitre.org | https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 | Release Notes, Third Party Advisory
cve@mitre.org | https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 | Release Notes, Third Party Advisory
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html | Mailing List, Third Party Advisory
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/
cve@mitre.org | https://security.gentoo.org/glsa/202107-27 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211288 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211289 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211290 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211291 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211293 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211294 | Third Party Advisory
cve@mitre.org | https://support.apple.com/kb/HT211295 | Third Party Advisory
cve@mitre.org | https://usn.ubuntu.com/4339-1/ | Third Party Advisory
cve@mitre.org | https://www.debian.org/security/2020/dsa-4755 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 | Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 | Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 | Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-27 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211288 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211289 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211290 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211291 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211293 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211294 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211295 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4339-1/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4755 | Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "57A8F73B-345B-48BD-8D9B-92AD24033265",
                     versionEndExcluding: "2.4.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                     matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "5B3BB46F-F586-4A2B-91C6-4D3AA226B478",
                     versionEndExcluding: "7.20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "5DBDFC69-1F0F-40E9-833E-FBFB92DF0541",
                     versionEndExcluding: "11.3",
                     versionStartIncluding: "10.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B626717E-0DED-4C76-B92D-D58AB27EED01",
                     versionEndExcluding: "12.10.8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "87D68071-5235-4B50-90F0-B55B0C668840",
                     versionEndExcluding: "13.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0639A5DE-4A59-4F10-A0E7-F6B933E44D47",
                     versionEndExcluding: "13.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD0ACF42-C643-4DED-ADF7-4FA29B7578F7",
                     versionEndExcluding: "10.15.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2DA1C24E-B74D-4C8C-931D-AE35BFB4F0CC",
                     versionEndExcluding: "10.13.6",
                     versionStartIncluding: "10.13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E76BECE-0843-4B9F-90DE-7690764701B0",
                     versionEndExcluding: "10.14.6",
                     versionStartIncluding: "10.14.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "297D2D0C-EA9D-4B2C-9357-D88DB6C7143A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*",
                     matchCriteriaId: "0D845143-1B4D-478B-B83E-8F1664CBCAC3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*",
                     matchCriteriaId: "23C6DF6A-9A30-4F9E-BD9C-C19D8551C6DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*",
                     matchCriteriaId: "754A2DF4-8724-4448-A2AB-AC5442029CB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*",
                     matchCriteriaId: "D392C777-1949-4920-B459-D083228E4688",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*",
                     matchCriteriaId: "68B0A232-F2A4-4B87-99EB-3A532DFA87DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*",
                     matchCriteriaId: "0DF528F7-0F1E-4E55-A088-91327E3C360C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*",
                     matchCriteriaId: "E222445A-D398-47C8-9639-4BAE36B69AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*",
                     matchCriteriaId: "9425DAC8-038D-4B09-A074-3780AED912FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*",
                     matchCriteriaId: "8EA63C1C-1EEC-4961-A7B7-439D21293B99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*",
                     matchCriteriaId: "B2F5D631-2306-4526-BEE5-22456D95ABAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*",
                     matchCriteriaId: "F79B7361-F2F2-4FA6-A27D-CC8F2D37A726",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-003:*:*:*:*:*:*",
                     matchCriteriaId: "09FA5087-C576-483F-B660-F9D155933CC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
                     matchCriteriaId: "CFE26ECC-A2C2-4501-9950-510DE0E1BD86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
                     matchCriteriaId: "26108BEF-0847-4AB0-BD98-35344DFA7835",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*",
                     matchCriteriaId: "A369D48B-6A0A-47AE-9513-D5E2E6F30931",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*",
                     matchCriteriaId: "510F8317-94DA-498E-927A-83D5F41AF54A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*",
                     matchCriteriaId: "0D5D1970-6D2A-42CA-A203-42023D71730D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*",
                     matchCriteriaId: "C68AE52B-5139-40A4-AE9A-E752DBF07D1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
                     matchCriteriaId: "0FD3467D-7679-479F-9C0B-A93F7CD0929D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
                     matchCriteriaId: "D4C6098E-EDBD-4A85-8282-B2E9D9333872",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
                     matchCriteriaId: "518BB47B-DD76-4E8C-9F10-7EBC1E146191",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "888463CA-9C67-46B2-B197-DDD3A668F980",
                     versionEndExcluding: "13.4.8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "494FA012-A268-42FC-B023-2A10817B1096",
                     versionEndExcluding: "6.2.8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.",
      },
      {
         lang: "es",
         value: "Se detectó un problema en OpenEXR versiones anteriores a 2.4.1. Se presenta una lectura fuera de límites durante una descompresión RLE en la función rleUncompress en el archivo ImfRle.cpp.",
      },
   ],
   id: "CVE-2020-11760",
   lastModified: "2024-11-21T04:58:32.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-14T23:15:12.277",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211288",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211289",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211290",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211291",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211293",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211294",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211295",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4339-1/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211288",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211289",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211290",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211291",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211293",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211294",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211295",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4339-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-06-08 12:15
Modified
2024-11-21 05:55
Summary
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "815B6F00-E704-4438-85B8-5B0E78B944D2",
                     versionEndExcluding: "3.0.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                     matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.",
      },
      {
         lang: "es",
         value: "Se encontró un desbordamiento de enteros que conlleva un desbordamiento de búfer en la región heap de la memoria en el DwaCompressor de OpenEXR en versiones anteriores a 3.0.1. Un atacante podría usar este fallo para bloquear una aplicación compilada con OpenEXR. Se trata de un fallo diferente de CVE-2021-23215.",
      },
   ],
   id: "CVE-2021-26260",
   lastModified: "2024-11-21T05:55:59.940",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-06-08T12:15:10.790",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1947582",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXFLD4ZAXKAIWO6ZPBCQEEDZB5IG676K/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5299",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1947582",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXFLD4ZAXKAIWO6ZPBCQEEDZB5IG676K/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5299",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-12-09 21:15
Modified
2024-11-21 05:07
Summary
A Null Pointer Dereference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.
Impacted products
Vendor Product Version
openexr openexr 2.3.0
debian debian_linux 10.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:2.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "211E2557-6796-4695-AE6C-80D0C537B2D9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A Null Pointer Dereference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.",
      },
      {
         lang: "es",
         value: "Se presenta un problema de Deferencia del Puntero Null en Academy Software Foundation OpenEXR versión 2.3.0 en la función generatePreview en el archivo makePreview.cpp que puede causar una denegación de servicio por medio de un archivo EXR diseñado",
      },
   ],
   id: "CVE-2020-16588",
   lastModified: "2024-11-21T05:07:10.030",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-12-09T21:15:14.913",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/commit/74504503cff86e986bac441213c403b0ba28d58f",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/issues/493",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/commit/74504503cff86e986bac441213c403b0ba28d58f",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/issues/493",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-476",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-01-01 01:15
Modified
2024-11-21 06:33
Summary
OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.
References
cve@mitre.org https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416 Exploit, Issue Tracking, Mailing List, Patch, Third Party Advisory
cve@mitre.org https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.4/CHANGES.md#version-314-january-26-2022 Release Notes, Third Party Advisory
cve@mitre.org https://github.com/AcademySoftwareFoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e Patch, Third Party Advisory
cve@mitre.org https://github.com/AcademySoftwareFoundation/openexr/commit/db217f29dfb24f6b4b5100c24ac5e7490e1c57d0 Patch, Third Party Advisory
cve@mitre.org https://github.com/AcademySoftwareFoundation/openexr/pull/1209 Exploit, Patch, Third Party Advisory
cve@mitre.org https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.1.4 Release Notes, Third Party Advisory
cve@mitre.org https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openexr/OSV-2021-1627.yaml Third Party Advisory
cve@mitre.org https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html Mailing List, Third Party Advisory
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6TEZDE2S2DB4BF4LZSSV4W3DNW7DSRHJ/
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJ5PW4WNXBKCRFGDZGAQOSVH2BKZKL4X/
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJUK7WIQV5EKWTCZBRXFN6INHG6MLS5O/
cve@mitre.org https://security.gentoo.org/glsa/202210-31 Third Party Advisory
cve@mitre.org https://www.debian.org/security/2022/dsa-5299 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416 Exploit, Issue Tracking, Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.4/CHANGES.md#version-314-january-26-2022 Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/AcademySoftwareFoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/AcademySoftwareFoundation/openexr/commit/db217f29dfb24f6b4b5100c24ac5e7490e1c57d0 Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/AcademySoftwareFoundation/openexr/pull/1209 Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.1.4 Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openexr/OSV-2021-1627.yaml Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6TEZDE2S2DB4BF4LZSSV4W3DNW7DSRHJ/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJ5PW4WNXBKCRFGDZGAQOSVH2BKZKL4X/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJUK7WIQV5EKWTCZBRXFN6INHG6MLS5O/
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/202210-31 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2022/dsa-5299 Third Party Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AA90700-5D9F-479F-8A3E-AB4F864535BA",
                     versionEndExcluding: "3.1.4",
                     versionStartIncluding: "3.1.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                     matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.",
      },
      {
         lang: "es",
         value: "OpenEXR versión 3.1.x anterior a la versión 3.1.4 tiene un desbordamiento de búfer basado en el montículo (heap) en Imf_3_1::LineCompositeTask::execute (llamado desde IlmThread_3_1::NullThreadPoolProvider::addTask e IlmThread_3_1::ThreadPool::addGlobalTask). NOTA: db217f2 puede ser inaplicable",
      },
   ],
   id: "CVE-2021-45942",
   lastModified: "2024-11-21T06:33:19.397",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-01-01T01:15:09.043",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.4/CHANGES.md#version-314-january-26-2022",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/commit/db217f29dfb24f6b4b5100c24ac5e7490e1c57d0",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/pull/1209",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.1.4",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openexr/OSV-2021-1627.yaml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6TEZDE2S2DB4BF4LZSSV4W3DNW7DSRHJ/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJ5PW4WNXBKCRFGDZGAQOSVH2BKZKL4X/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJUK7WIQV5EKWTCZBRXFN6INHG6MLS5O/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202210-31",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5299",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.4/CHANGES.md#version-314-january-26-2022",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/commit/db217f29dfb24f6b4b5100c24ac5e7490e1c57d0",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/pull/1209",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.1.4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openexr/OSV-2021-1627.yaml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6TEZDE2S2DB4BF4LZSSV4W3DNW7DSRHJ/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJ5PW4WNXBKCRFGDZGAQOSVH2BKZKL4X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJUK7WIQV5EKWTCZBRXFN6INHG6MLS5O/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202210-31",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5299",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-03-31 14:15
Modified
2024-11-21 06:21
Summary
There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.
Impacted products
Vendor Product Version
openexr openexr *
openexr openexr *
debian debian_linux 9.0
debian debian_linux 10.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "12541242-6F4A-457C-B0D3-B97C75F79627",
                     versionEndExcluding: "2.4.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3540D6CF-36A9-4FE9-9D0D-C3263DE61E62",
                     versionEndExcluding: "2.5.4",
                     versionStartIncluding: "2.5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.",
      },
      {
         lang: "es",
         value: "Se presenta un fallo en los cálculos de tamaño de la muestra de mosaicos profundos de OpenEXR versiones anteriores a la 3.0.0-beta. Un atacante que pueda ser capaz de enviar un archivo diseñado para que sea procesado por OpenEXR podría desencadenar un desbordamiento de enteros, posteriormente conllevando a una lectura fuera de límites. El mayor riesgo de este fallo es la disponibilidad de la aplicación.",
      },
   ],
   id: "CVE-2021-3477",
   lastModified: "2024-11-21T06:21:38.260",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-03-31T14:15:21.047",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26956",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939159",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26956",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939159",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-05-21 18:29
Modified
2024-11-21 03:35
Summary
In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.
References
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html
cve@mitre.org http://www.openwall.com/lists/oss-security/2017/05/12/5 Third Party Advisory
cve@mitre.org https://github.com/openexr/openexr/issues/232
cve@mitre.org https://github.com/openexr/openexr/pull/233
cve@mitre.org https://github.com/openexr/openexr/releases/tag/v2.2.1
cve@mitre.org https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html
cve@mitre.org https://usn.ubuntu.com/4148-1/
cve@mitre.org https://usn.ubuntu.com/4339-1/
cve@mitre.org https://www.debian.org/security/2020/dsa-4755
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2017/05/12/5 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/openexr/openexr/issues/232
af854a3a-2127-422b-91ae-364da2661108 https://github.com/openexr/openexr/pull/233
af854a3a-2127-422b-91ae-364da2661108 https://github.com/openexr/openexr/releases/tag/v2.2.1
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html
af854a3a-2127-422b-91ae-364da2661108 https://usn.ubuntu.com/4148-1/
af854a3a-2127-422b-91ae-364da2661108 https://usn.ubuntu.com/4339-1/
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2020/dsa-4755
Impacted products
Vendor Product Version
openexr openexr 2.2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCA193BE-2354-4F9E-8415-F743BAAFEA2C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.",
      },
      {
         lang: "es",
         value: "En OpenEXR 2.2.0 una escritura inválida de tamaño 8 en la función storeSSE en ImfOptimizedPixelReading.h podría provocar el cierre inesperado de una aplicación o ejecutar código arbitrario.",
      },
   ],
   id: "CVE-2017-9111",
   lastModified: "2024-11-21T03:35:20.693",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-05-21T18:29:00.300",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/openexr/openexr/issues/232",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/openexr/openexr/pull/233",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://usn.ubuntu.com/4148-1/",
      },
      {
         source: "cve@mitre.org",
         url: "https://usn.ubuntu.com/4339-1/",
      },
      {
         source: "cve@mitre.org",
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openexr/openexr/issues/232",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openexr/openexr/pull/233",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://usn.ubuntu.com/4148-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://usn.ubuntu.com/4339-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-03-31 14:15
Modified
2024-11-21 06:21
Summary
There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.
Impacted products
Vendor Product Version
openexr openexr *
openexr openexr *
debian debian_linux 9.0
debian debian_linux 10.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "12541242-6F4A-457C-B0D3-B97C75F79627",
                     versionEndExcluding: "2.4.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3540D6CF-36A9-4FE9-9D0D-C3263DE61E62",
                     versionEndExcluding: "2.5.4",
                     versionStartIncluding: "2.5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.",
      },
      {
         lang: "es",
         value: "Se presenta un fallo en la funcionalidad de la API Scanline de OpenEXR en versiones anteriores a 3.0.0-beta. Un atacante que pueda ser capaz de enviar un archivo diseñado para que sea procesado por OpenEXR podría desencadenar un consumo excesivo de la memoria, resultando en un impacto para la disponibilidad del sistema.",
      },
   ],
   id: "CVE-2021-3479",
   lastModified: "2024-11-21T06:21:38.567",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-03-31T14:15:21.203",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25370",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939149",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25370",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939149",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-770",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-14 23:15
Modified
2024-11-21 04:58
Summary
An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.
References
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html Mailing List, Third Party Advisory
cve@mitre.org https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 Exploit, Third Party Advisory
cve@mitre.org https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 Release Notes, Third Party Advisory
cve@mitre.org https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 Release Notes, Third Party Advisory
cve@mitre.org https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html Mailing List, Third Party Advisory
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/
cve@mitre.org https://security.gentoo.org/glsa/202107-27 Third Party Advisory
cve@mitre.org https://support.apple.com/kb/HT211288 Third Party Advisory
cve@mitre.org https://support.apple.com/kb/HT211289 Third Party Advisory
cve@mitre.org https://support.apple.com/kb/HT211290 Third Party Advisory
cve@mitre.org https://support.apple.com/kb/HT211291 Third Party Advisory
cve@mitre.org https://support.apple.com/kb/HT211293 Third Party Advisory
cve@mitre.org https://support.apple.com/kb/HT211294 Third Party Advisory
cve@mitre.org https://support.apple.com/kb/HT211295 Third Party Advisory
cve@mitre.org https://usn.ubuntu.com/4339-1/ Third Party Advisory
cve@mitre.org https://www.debian.org/security/2020/dsa-4755 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/202107-27 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://support.apple.com/kb/HT211288 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://support.apple.com/kb/HT211289 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://support.apple.com/kb/HT211290 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://support.apple.com/kb/HT211291 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://support.apple.com/kb/HT211293 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://support.apple.com/kb/HT211294 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://support.apple.com/kb/HT211295 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://usn.ubuntu.com/4339-1/ Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2020/dsa-4755 Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "57A8F73B-345B-48BD-8D9B-92AD24033265",
                     versionEndExcluding: "2.4.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                     matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "5B3BB46F-F586-4A2B-91C6-4D3AA226B478",
                     versionEndExcluding: "7.20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "5DBDFC69-1F0F-40E9-833E-FBFB92DF0541",
                     versionEndExcluding: "11.3",
                     versionStartIncluding: "10.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B626717E-0DED-4C76-B92D-D58AB27EED01",
                     versionEndExcluding: "12.10.8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "87D68071-5235-4B50-90F0-B55B0C668840",
                     versionEndExcluding: "13.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0639A5DE-4A59-4F10-A0E7-F6B933E44D47",
                     versionEndExcluding: "13.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2DA1C24E-B74D-4C8C-931D-AE35BFB4F0CC",
                     versionEndExcluding: "10.13.6",
                     versionStartIncluding: "10.13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E76BECE-0843-4B9F-90DE-7690764701B0",
                     versionEndExcluding: "10.14.6",
                     versionStartIncluding: "10.14.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4B5F6281-877C-491C-9C4A-C28C604FB422",
                     versionEndExcluding: "10.15.6",
                     versionStartIncluding: "10.15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "297D2D0C-EA9D-4B2C-9357-D88DB6C7143A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*",
                     matchCriteriaId: "0D845143-1B4D-478B-B83E-8F1664CBCAC3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*",
                     matchCriteriaId: "23C6DF6A-9A30-4F9E-BD9C-C19D8551C6DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*",
                     matchCriteriaId: "754A2DF4-8724-4448-A2AB-AC5442029CB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*",
                     matchCriteriaId: "D392C777-1949-4920-B459-D083228E4688",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*",
                     matchCriteriaId: "68B0A232-F2A4-4B87-99EB-3A532DFA87DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*",
                     matchCriteriaId: "0DF528F7-0F1E-4E55-A088-91327E3C360C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*",
                     matchCriteriaId: "E222445A-D398-47C8-9639-4BAE36B69AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*",
                     matchCriteriaId: "9425DAC8-038D-4B09-A074-3780AED912FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*",
                     matchCriteriaId: "8EA63C1C-1EEC-4961-A7B7-439D21293B99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*",
                     matchCriteriaId: "B2F5D631-2306-4526-BEE5-22456D95ABAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*",
                     matchCriteriaId: "F79B7361-F2F2-4FA6-A27D-CC8F2D37A726",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-003:*:*:*:*:*:*",
                     matchCriteriaId: "09FA5087-C576-483F-B660-F9D155933CC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
                     matchCriteriaId: "CFE26ECC-A2C2-4501-9950-510DE0E1BD86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
                     matchCriteriaId: "26108BEF-0847-4AB0-BD98-35344DFA7835",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*",
                     matchCriteriaId: "A369D48B-6A0A-47AE-9513-D5E2E6F30931",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*",
                     matchCriteriaId: "510F8317-94DA-498E-927A-83D5F41AF54A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*",
                     matchCriteriaId: "0D5D1970-6D2A-42CA-A203-42023D71730D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*",
                     matchCriteriaId: "C68AE52B-5139-40A4-AE9A-E752DBF07D1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
                     matchCriteriaId: "0FD3467D-7679-479F-9C0B-A93F7CD0929D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
                     matchCriteriaId: "D4C6098E-EDBD-4A85-8282-B2E9D9333872",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
                     matchCriteriaId: "518BB47B-DD76-4E8C-9F10-7EBC1E146191",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "888463CA-9C67-46B2-B197-DDD3A668F980",
                     versionEndExcluding: "13.4.8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "494FA012-A268-42FC-B023-2A10817B1096",
                     versionEndExcluding: "6.2.8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.",
      },
      {
         lang: "es",
         value: "Se detectó un problema en OpenEXR versiones anteriores a 2.4.1. Se presenta una lectura y escritura fuera de límites en la función std::vector, como es demostrado por el archivo ImfTileOffsets.cpp.",
      },
   ],
   id: "CVE-2020-11763",
   lastModified: "2024-11-21T04:58:33.477",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-14T23:15:12.433",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211288",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211289",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211290",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211291",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211293",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211294",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211295",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4339-1/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211288",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211289",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211290",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211291",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211293",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211294",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT211295",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4339-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4755",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-04-01 14:15
Modified
2024-11-21 05:46
Summary
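A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker and processed by the Dwa decompression functionality of OpenEXR's IlmImf library could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability. Note that the CPE configuration in this record marks as vulnerable only versions before 2.4.3 and versions from 2.5.0 up to (excluding) 2.5.4, so 2.4.3 and 2.5.4 are treated as fixed on those release lines.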
Impacted products
Vendor Product Version
openexr openexr *
openexr openexr *
debian debian_linux 9.0
debian debian_linux 10.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "12541242-6F4A-457C-B0D3-B97C75F79627",
                     versionEndExcluding: "2.4.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3540D6CF-36A9-4FE9-9D0D-C3263DE61E62",
                     versionEndExcluding: "2.5.4",
                     versionStartIncluding: "2.5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.",
      },
      {
         lang: "es",
         value: "Se encontró un fallo en OpenEXR en versiones anteriores a 3.0.0-beta. Un archivo de entrada diseñado proporcionado por un atacante, que es procesado por la funcionalidad de decompresión Dwa de la biblioteca IlmImf de OpenEXR, podría causar una desreferencia del puntero NULL. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema.",
      },
   ],
   id: "CVE-2021-20296",
   lastModified: "2024-11-21T05:46:18.237",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-04-01T14:15:13.310",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939141",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939141",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202107-27",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-476",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-03-25 19:15
Modified
2024-11-21 06:22
Summary
An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.
Impacted products
Vendor Product Version
openexr openexr *
fedoraproject fedora 36
debian debian_linux 10.0
debian debian_linux 11.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A0BB276-DEC3-4217-B4DD-02796FEB7246",
                     versionEndExcluding: "3.1.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.",
      },
      {
         lang: "es",
         value: "Podría producirse un desbordamiento de enteros cuando OpenEXR procesa un archivo diseñado en sistemas donde size_t es menor a 64 bits. Esto podría causar un valor no válido de bytesPerLine y maxBytesPerLine, lo que podría conllevar a problemas con la estabilidad de la aplicación o conducir a otras vías de ataque",
      },
   ],
   id: "CVE-2021-3933",
   lastModified: "2024-11-21T06:22:48.513",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-03-25T19:15:09.247",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2019783",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202210-31",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5299",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2019783",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202210-31",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5299",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-08-23 16:15
Modified
2024-11-21 05:46
Summary
A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability.
Impacted products
Vendor Product Version
openexr openexr *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AA57D0D-80D4-442D-8686-698527811EA4",
                     versionEndIncluding: "2.5.7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability.",
      },
      {
         lang: "es",
         value: "Se ha encontrado un fallo en la funcionalidad hufDecode de OpenEXR. Este fallo permite a un atacante que pueda pasar un archivo diseñado para ser procesado por OpenEXR, desencadenar un error de desplazamiento a la derecha no definido. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema.",
      },
   ],
   id: "CVE-2021-20304",
   lastModified: "2024-11-21T05:46:19.143",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-08-23T16:15:09.087",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2021-20304",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26229",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939157",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/commit/51a92d67f53c08230734e74564c807043cbfe41e",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/pull/849",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202210-31",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2021-20304",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26229",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939157",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/commit/51a92d67f53c08230734e74564c807043cbfe41e",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/pull/849",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202210-31",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-05-21 18:29
Modified
2024-11-21 03:35
Summary
In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.
Impacted products
Vendor Product Version
openexr openexr 2.2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCA193BE-2354-4F9E-8415-F743BAAFEA2C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.",
      },
      {
         lang: "es",
         value: "En la versión 2.2.0 de OpenEXR, una lectura inválida de tamaño 1 en la función uncompress en ImfZip.cpp podría provocar el cierre inesperado de la aplicación.",
      },
   ],
   id: "CVE-2017-9116",
   lastModified: "2024-11-21T03:35:21.477",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-05-21T18:29:00.487",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/openexr/openexr/issues/232",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/openexr/openexr/pull/233",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://usn.ubuntu.com/4148-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openexr/openexr/issues/232",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openexr/openexr/pull/233",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://usn.ubuntu.com/4148-1/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-03-04 18:15
Modified
2024-11-21 05:46
Summary
A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability.
Impacted products
Vendor Product Version
openexr openexr *
debian debian_linux 10.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A41E435-16D4-4706-B45A-0AB56664C6EF",
                     versionEndExcluding: "2.5.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability.",
      },
      {
         lang: "es",
         value: "Se ha encontrado un fallo en la funcionalidad TiledInputFile de OpenEXR. Este fallo permite a un atacante que pueda enviar una imagen no diseñada de una sola parte para que sea procesada por OpenEXR, para desencadenar un error de excepción de punto flotante. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema",
      },
   ],
   id: "CVE-2021-20302",
   lastModified: "2024-11-21T05:46:18.903",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-03-04T18:15:07.937",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25894",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939161",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/pull/842",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25894",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1939161",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/pull/842",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-12-09 21:15
Modified
2024-11-21 05:07
Summary
A heap-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.
Impacted products
Vendor Product Version
openexr openexr 2.3.0
debian debian_linux 10.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:2.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "211E2557-6796-4695-AE6C-80D0C537B2D9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A heap-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.",
      },
      {
         lang: "es",
         value: "Se presenta un desbordamiento del búfer en la región heap de la memoria en Academy Software Foundation OpenEXR versión 2.3.0 en la función writeTileData en el archivo ImfTiledOutputFile.cpp que puede causar una denegación de servicio por medio de un archivo EXR diseñado",
      },
   ],
   id: "CVE-2020-16589",
   lastModified: "2024-11-21T05:07:10.177",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-12-09T21:15:14.977",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/commit/6bb36714528a9563dd3b92720c5063a1284b86f8",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/issues/494",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/commit/6bb36714528a9563dd3b92720c5063a1284b86f8",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://github.com/AcademySoftwareFoundation/openexr/issues/494",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-06-08 12:15
Modified
2024-11-21 05:57
Summary
An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
References
Impacted products
Vendor Product Version
openexr openexr *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "815B6F00-E704-4438-85B8-5B0E78B944D2",
                     versionEndExcluding: "3.0.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.",
      },
      {
         lang: "es",
         value: "Se ha encontrado un desbordamiento de enteros que conlleva un desbordamiento del búfer en la región heap de la memoria en OpenEXR en versiones anteriores a 3.0.1. Un atacante podría usar este fallo para bloquear una aplicación compilada con OpenEXR",
      },
   ],
   id: "CVE-2021-26945",
   lastModified: "2024-11-21T05:57:05.910",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-06-08T12:15:11.213",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1947591",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1947591",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-05-21 18:29
Modified
2024-11-21 03:35
Summary
In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.
Impacted products
Vendor Product Version
openexr openexr 2.2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCA193BE-2354-4F9E-8415-F743BAAFEA2C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.",
      },
      {
         lang: "es",
         value: "En OpenEXR, una lectura inválida de tamaño 1 en la función getBits podría provocar el cierre inesperado de la aplicación.",
      },
   ],
   id: "CVE-2017-9112",
   lastModified: "2024-11-21T03:35:20.863",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-05-21T18:29:00.330",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/openexr/openexr/issues/232",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/openexr/openexr/pull/233",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://usn.ubuntu.com/4148-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/05/12/5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openexr/openexr/issues/232",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openexr/openexr/pull/233",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openexr/openexr/releases/tag/v2.2.1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://usn.ubuntu.com/4148-1/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-08-07 01:29
Modified
2024-11-21 03:09
Summary
In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.
Impacted products
Vendor Product Version
openexr openexr 2.2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openexr:openexr:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCA193BE-2354-4F9E-8415-F743BAAFEA2C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.",
      },
      {
         lang: "es",
         value: "En OpenEXR 2.2.0, una imagen manipulada provoca una sobrelectura de búfer basada en memoria dinámica en la función hufDecode en IlmImf/ImfHuf.cpp durante la ejecución de exrmaketiled. Esto podría tener como consecuencia una denegación de servicio o, posiblemente, causar otro tipo de impacto no especificado.",
      },
   ],
   id: "CVE-2017-12596",
   lastModified: "2024-11-21T03:09:49.807",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-08-07T01:29:00.343",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/openexr/openexr/issues/238",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/openexr/openexr/releases/tag/v2.3.0",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/xiaoqx/pocs/blob/master/openexr.md",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://usn.ubuntu.com/4148-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/openexr/openexr/issues/238",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openexr/openexr/releases/tag/v2.3.0",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/xiaoqx/pocs/blob/master/openexr.md",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://usn.ubuntu.com/4148-1/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

var-202004-0474
Vulnerability from variot

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. OpenEXR is vulnerable to out-of-bounds writes, which may result in service interruption (DoS). Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A buffer error vulnerability exists in the 'copyIntoFrameBuffer' function of the ImfMisc.cpp file in ILM OpenEXR versions prior to 2.4.1. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Gentoo Linux Security Advisory GLSA 202107-27

                                       https://security.gentoo.org/

Severity: Normal
Title: OpenEXR: Multiple vulnerabilities
Date: July 11, 2021
Bugs: #717474, #746794, #762862, #770229, #776808
ID: 202107-27

Synopsis

Multiple vulnerabilities have been found in OpenEXR, the worst of which could result in the arbitrary execution of code.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 media-libs/openexr < 2.5.6 >= 2.5.6

Description

Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All OpenEXR users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/openexr-2.5.6"

References

[ 1 ] CVE-2020-11758 https://nvd.nist.gov/vuln/detail/CVE-2020-11758
[ 2 ] CVE-2020-11759 https://nvd.nist.gov/vuln/detail/CVE-2020-11759
[ 3 ] CVE-2020-11760 https://nvd.nist.gov/vuln/detail/CVE-2020-11760
[ 4 ] CVE-2020-11761 https://nvd.nist.gov/vuln/detail/CVE-2020-11761
[ 5 ] CVE-2020-11762 https://nvd.nist.gov/vuln/detail/CVE-2020-11762
[ 6 ] CVE-2020-11763 https://nvd.nist.gov/vuln/detail/CVE-2020-11763
[ 7 ] CVE-2020-11764 https://nvd.nist.gov/vuln/detail/CVE-2020-11764
[ 8 ] CVE-2020-11765 https://nvd.nist.gov/vuln/detail/CVE-2020-11765
[ 9 ] CVE-2020-15304 https://nvd.nist.gov/vuln/detail/CVE-2020-15304
[ 10 ] CVE-2020-15305 https://nvd.nist.gov/vuln/detail/CVE-2020-15305
[ 11 ] CVE-2020-15306 https://nvd.nist.gov/vuln/detail/CVE-2020-15306
[ 12 ] CVE-2021-20296 https://nvd.nist.gov/vuln/detail/CVE-2021-20296
[ 13 ] CVE-2021-3474 https://nvd.nist.gov/vuln/detail/CVE-2021-3474
[ 14 ] CVE-2021-3475 https://nvd.nist.gov/vuln/detail/CVE-2021-3475
[ 15 ] CVE-2021-3476 https://nvd.nist.gov/vuln/detail/CVE-2021-3476
[ 16 ] CVE-2021-3477 https://nvd.nist.gov/vuln/detail/CVE-2021-3477
[ 17 ] CVE-2021-3478 https://nvd.nist.gov/vuln/detail/CVE-2021-3478
[ 18 ] CVE-2021-3479 https://nvd.nist.gov/vuln/detail/CVE-2021-3479

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202107-27

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: OpenEXR security update
Advisory ID: RHSA-2020:4039-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4039
Issue date: 2020-09-29
CVE Names: CVE-2020-11761 CVE-2020-11763 CVE-2020-11764
====================================================================

1. Summary:

An update for OpenEXR is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications. This package contains libraries and sample applications for handling the format.

Security Fix(es):

  • OpenEXR: out-of-bounds read during Huffman uncompression (CVE-2020-11761)

  • OpenEXR: std::vector out-of-bounds read and write in ImfTileOffsets.cpp (CVE-2020-11763)

  • OpenEXR: out-of-bounds write in copyIntoFrameBuffer function in ImfMisc.cpp (CVE-2020-11764)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: OpenEXR-1.7.1-8.el7.src.rpm

x86_64: OpenEXR-debuginfo-1.7.1-8.el7.i686.rpm OpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm OpenEXR-libs-1.7.1-8.el7.i686.rpm OpenEXR-libs-1.7.1-8.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: OpenEXR-1.7.1-8.el7.x86_64.rpm OpenEXR-debuginfo-1.7.1-8.el7.i686.rpm OpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm OpenEXR-devel-1.7.1-8.el7.i686.rpm OpenEXR-devel-1.7.1-8.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: OpenEXR-1.7.1-8.el7.src.rpm

x86_64: OpenEXR-debuginfo-1.7.1-8.el7.i686.rpm OpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm OpenEXR-libs-1.7.1-8.el7.i686.rpm OpenEXR-libs-1.7.1-8.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: OpenEXR-1.7.1-8.el7.x86_64.rpm OpenEXR-debuginfo-1.7.1-8.el7.i686.rpm OpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm OpenEXR-devel-1.7.1-8.el7.i686.rpm OpenEXR-devel-1.7.1-8.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: OpenEXR-1.7.1-8.el7.src.rpm

ppc64: OpenEXR-debuginfo-1.7.1-8.el7.ppc.rpm OpenEXR-debuginfo-1.7.1-8.el7.ppc64.rpm OpenEXR-libs-1.7.1-8.el7.ppc.rpm OpenEXR-libs-1.7.1-8.el7.ppc64.rpm

ppc64le: OpenEXR-debuginfo-1.7.1-8.el7.ppc64le.rpm OpenEXR-libs-1.7.1-8.el7.ppc64le.rpm

s390x: OpenEXR-debuginfo-1.7.1-8.el7.s390.rpm OpenEXR-debuginfo-1.7.1-8.el7.s390x.rpm OpenEXR-libs-1.7.1-8.el7.s390.rpm OpenEXR-libs-1.7.1-8.el7.s390x.rpm

x86_64: OpenEXR-debuginfo-1.7.1-8.el7.i686.rpm OpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm OpenEXR-libs-1.7.1-8.el7.i686.rpm OpenEXR-libs-1.7.1-8.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: OpenEXR-1.7.1-8.el7.ppc64.rpm OpenEXR-debuginfo-1.7.1-8.el7.ppc.rpm OpenEXR-debuginfo-1.7.1-8.el7.ppc64.rpm OpenEXR-devel-1.7.1-8.el7.ppc.rpm OpenEXR-devel-1.7.1-8.el7.ppc64.rpm

ppc64le: OpenEXR-1.7.1-8.el7.ppc64le.rpm OpenEXR-debuginfo-1.7.1-8.el7.ppc64le.rpm OpenEXR-devel-1.7.1-8.el7.ppc64le.rpm

s390x: OpenEXR-1.7.1-8.el7.s390x.rpm OpenEXR-debuginfo-1.7.1-8.el7.s390.rpm OpenEXR-debuginfo-1.7.1-8.el7.s390x.rpm OpenEXR-devel-1.7.1-8.el7.s390.rpm OpenEXR-devel-1.7.1-8.el7.s390x.rpm

x86_64: OpenEXR-1.7.1-8.el7.x86_64.rpm OpenEXR-debuginfo-1.7.1-8.el7.i686.rpm OpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm OpenEXR-devel-1.7.1-8.el7.i686.rpm OpenEXR-devel-1.7.1-8.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: OpenEXR-1.7.1-8.el7.src.rpm

x86_64: OpenEXR-debuginfo-1.7.1-8.el7.i686.rpm OpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm OpenEXR-libs-1.7.1-8.el7.i686.rpm OpenEXR-libs-1.7.1-8.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: OpenEXR-1.7.1-8.el7.x86_64.rpm OpenEXR-debuginfo-1.7.1-8.el7.i686.rpm OpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm OpenEXR-devel-1.7.1-8.el7.i686.rpm OpenEXR-devel-1.7.1-8.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  7. References:

https://access.redhat.com/security/cve/CVE-2020-11761 https://access.redhat.com/security/cve/CVE-2020-11763 https://access.redhat.com/security/cve/CVE-2020-11764 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index

  8. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBX3OhUtzjgjWX9erEAQhyFQ/+J5Ul3SoJTvzk/7rqW/WA4GkT5/I6owm1 BnhvO6tELbBul8250MCo/jaUukdjQ3bJ/ZdjmPFrPgNR7UrmIN0LQdAiDlMtnhIF 7Ppw7RDniUBtv3Q2471W4FQxpeXKf+n5sqkq+blxZbeYLXI7Nya/2qKirO0dJ4M1 bAl1exBJ4cSp+kuUOn8oBsGQi6L2oM6ldPf4KklMswOU69qDexywZNtvQVfANmur mNIx/9bmQG+WRlj941A1BFTsAdXsCyTc3qaBecC5iEFxKPkVlpfBhQJ+N6zxdKwj CtVftLiGpcuiWck6THkpPbQg9HWqtJI3tQyW5NUZFHhUnwvOw3SGKgN3ufsnS/tF 9MsnwovV+6kuR/k1UWiDXuSZrdjEIOSz0We8oT5VhOKNkXcE0OY4yxLKpVTlP1HN aM2OGkf3DiUdKEysSQ7yPa2tfimLYQS/XJo6w4FZPKapmOvF926/R7NgIIucvG4J U51DVzqGpkt40pK790wQLrwUZ/E+HYyeZpPJC8QrmJmPNXsXFEm4iYxjCIyaecKf hOlBFwy7mU6fuOLynrrfxeStoS0+zJFfYqdiKOfTpRoLozBqaA8Vt8VasOfOwGeY Ar+nuTxwoQn3KCSGvHk533UkNyqKqpNDIfyqk3M8y8S5HjXvoMx9zxaN0ujT4/pB vySbS8H4PEI=P3yT -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

For the stable distribution (buster), these problems have been fixed in version 2.2.1-4.1+deb10u1.

We recommend that you upgrade your openexr packages.

For the detailed security status of openexr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openexr

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9KkM8ACgkQEMKTtsN8 TjYiCxAAqny8A+WbtYBonQ42ciQ2Hc1f90CI6l1Gp/ZK7RARL7+cLOHTh+hEniIG G6cwDGAwAgOtNPer+bT8Mwx6gF8bTii3nF5MMhiN22L7buzHruxsqpC+g94MeZHW vn6GpkTCPSHW5m4+O3pwrYDK3lr5ucNwPVegcXqtJuG0SrhY9VyTrtmzwtoP0YVx ANOpJhCLNEU5vIdEpzIfdjAoM6nsGG/FDN5sP2B9sEB69s7dQXAX5ksuu4Rg71bo W7OjAWB+1MIuFT2blax4Z0qD9Nuiy252AM9MAzMmdBPsFnix0/E2lmyd2OGknUkY l+sq61TR7pA7AVbtLpLBy2fKFS/Jj1KTFI6J+GmZiOBGAzHrWevjyclYBRI0exVg zKnI2IdO9f0qdeTiZhtAcSEV8hb1mSoo0fPRM0ZGxdMV0MTNeOmj+doTTw+SlSJK 3iyKUDgRy60JjQMq8gBaPSRl6tuTjEdFzbJLsFPvZVY5vQsy4KIuh024RrEjri0c R2oLvboIS2xddK+T/9NPc15vruZiUut0j/3EsBqbDn3hBXMpQb0NFv0kuC+uvmwZ UgxRA32shnjcUES8+TBqeB+cvMnukTlOfqQEY2VNhG//45gcQH6rEcf45W07XTGD djd3v06+rkeUhfuZHL9OAOj2BowTrp9CRooWT1dufPPUkL1aoUY= =FDcC -----END PGP SIGNATURE-----



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0474",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "itunes",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "12.10.8",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "10.0",
         },
         {
            model: "icloud",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "7.20",
         },
         {
            model: "tvos",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.4.8",
         },
         {
            model: "mac os x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.15.6",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "18.04",
         },
         {
            model: "openexr",
            scope: "lt",
            trust: 1,
            vendor: "openexr",
            version: "2.4.1",
         },
         {
            model: "iphone os",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.6",
         },
         {
            model: "mac os x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.14.6",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "16.04",
         },
         {
            model: "ipados",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.6",
         },
         {
            model: "mac os x",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.15",
         },
         {
            model: "mac os x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.13.6",
         },
         {
            model: "mac os x",
            scope: "eq",
            trust: 1,
            vendor: "apple",
            version: "10.14.6",
         },
         {
            model: "mac os x",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.14.0",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "20.04",
         },
         {
            model: "mac os x",
            scope: "eq",
            trust: 1,
            vendor: "apple",
            version: "10.13.6",
         },
         {
            model: "mac os x",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.13.0",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "19.10",
         },
         {
            model: "fedora",
            scope: "eq",
            trust: 1,
            vendor: "fedoraproject",
            version: "32",
         },
         {
            model: "icloud",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.0",
         },
         {
            model: "leap",
            scope: "eq",
            trust: 1,
            vendor: "opensuse",
            version: "15.1",
         },
         {
            model: "watchos",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "6.2.8",
         },
         {
            model: "icloud",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "11.3",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "9.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.8,
            vendor: "openexr",
            version: "2.4.1",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-004074",
         },
         {
            db: "NVD",
            id: "CVE-2020-11764",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  cpe_match: [
                     {
                        cpe22Uri: "cpe:/a:openexr:openexr",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-004074",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Red Hat",
      sources: [
         {
            db: "PACKETSTORM",
            id: "159359",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-961",
         },
      ],
      trust: 0.7,
   },
   cve: "CVE-2020-11764",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "CVE-2020-11764",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 1.1,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 4.3,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-004074",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "VHN-164375",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:N/I:N/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 1.8,
                  id: "CVE-2020-11764",
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 5.5,
                  baseSeverity: "Medium",
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-004074",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2020-11764",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "NVD",
                  id: "JVNDB-2020-004074",
                  trust: 0.8,
                  value: "Medium",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202004-961",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202104-975",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-164375",
                  trust: 0.1,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2020-11764",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164375",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11764",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004074",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-961",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11764",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. OpenEXR is vulnerable to out-of-bounds writes. It may be put into a service operation interruption (DoS) state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A buffer error vulnerability exists in the 'copyIntoFrameBuffer' function of the ImfMisc.cpp file in ILM OpenEXR versions prior to 2.4.1. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202107-27\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenEXR: Multiple vulnerabilities\n     Date: July 11, 2021\n     Bugs: #717474, #746794, #762862, #770229, #776808\n       ID: 202107-27\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenEXR, the worst of which\ncould result in the arbitrary execution of code. 
\n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  media-libs/openexr           < 2.5.6                    >= 2.5.6 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenEXR. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenEXR users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \">=media-libs/openexr-2.5.6\"\n\nReferences\n==========\n\n[  1 ] CVE-2020-11758\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11758\n[  2 ] CVE-2020-11759\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11759\n[  3 ] CVE-2020-11760\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11760\n[  4 ] CVE-2020-11761\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11761\n[  5 ] CVE-2020-11762\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11762\n[  6 ] CVE-2020-11763\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11763\n[  7 ] CVE-2020-11764\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11764\n[  8 ] CVE-2020-11765\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11765\n[  9 ] CVE-2020-15304\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15304\n[ 10 ] CVE-2020-15305\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15305\n[ 11 ] CVE-2020-15306\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15306\n[ 12 ] CVE-2021-20296\n       https://nvd.nist.gov/vuln/detail/CVE-2021-20296\n[ 13 ] CVE-2021-3474\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3474\n[ 14 ] CVE-2021-3475\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3475\n[ 15 ] CVE-2021-3476\n       
https://nvd.nist.gov/vuln/detail/CVE-2021-3476\n[ 16 ] CVE-2021-3477\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3477\n[ 17 ] CVE-2021-3478\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3478\n[ 18 ] CVE-2021-3479\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3479\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202107-27\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: OpenEXR security update\nAdvisory ID:       RHSA-2020:4039-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:4039\nIssue date:        2020-09-29\nCVE Names:         CVE-2020-11761 CVE-2020-11763 CVE-2020-11764\n====================================================================\n1. Summary:\n\nAn update for OpenEXR is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. 
Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenEXR is a high dynamic-range (HDR) image file format developed by\nIndustrial Light & Magic for use in computer imaging applications. This\npackage contains libraries and sample applications for handling the format. \n\nSecurity Fix(es):\n\n* OpenEXR: out-of-bounds read during Huffman uncompression (CVE-2020-11761)\n\n* OpenEXR: std::vector out-of-bounds read and write in ImfTileOffsets.cpp\n(CVE-2020-11763)\n\n* OpenEXR: out-of-bounds write in copyIntoFrameBuffer function in\nImfMisc.cpp (CVE-2020-11764)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.9 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nOpenEXR-1.7.1-8.el7.src.rpm\n\nx86_64:\nOpenEXR-debuginfo-1.7.1-8.el7.i686.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm\nOpenEXR-libs-1.7.1-8.el7.i686.rpm\nOpenEXR-libs-1.7.1-8.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 
7):\n\nx86_64:\nOpenEXR-1.7.1-8.el7.x86_64.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.i686.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm\nOpenEXR-devel-1.7.1-8.el7.i686.rpm\nOpenEXR-devel-1.7.1-8.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nOpenEXR-1.7.1-8.el7.src.rpm\n\nx86_64:\nOpenEXR-debuginfo-1.7.1-8.el7.i686.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm\nOpenEXR-libs-1.7.1-8.el7.i686.rpm\nOpenEXR-libs-1.7.1-8.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nOpenEXR-1.7.1-8.el7.x86_64.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.i686.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm\nOpenEXR-devel-1.7.1-8.el7.i686.rpm\nOpenEXR-devel-1.7.1-8.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nOpenEXR-1.7.1-8.el7.src.rpm\n\nppc64:\nOpenEXR-debuginfo-1.7.1-8.el7.ppc.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.ppc64.rpm\nOpenEXR-libs-1.7.1-8.el7.ppc.rpm\nOpenEXR-libs-1.7.1-8.el7.ppc64.rpm\n\nppc64le:\nOpenEXR-debuginfo-1.7.1-8.el7.ppc64le.rpm\nOpenEXR-libs-1.7.1-8.el7.ppc64le.rpm\n\ns390x:\nOpenEXR-debuginfo-1.7.1-8.el7.s390.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.s390x.rpm\nOpenEXR-libs-1.7.1-8.el7.s390.rpm\nOpenEXR-libs-1.7.1-8.el7.s390x.rpm\n\nx86_64:\nOpenEXR-debuginfo-1.7.1-8.el7.i686.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm\nOpenEXR-libs-1.7.1-8.el7.i686.rpm\nOpenEXR-libs-1.7.1-8.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 
7):\n\nppc64:\nOpenEXR-1.7.1-8.el7.ppc64.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.ppc.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.ppc64.rpm\nOpenEXR-devel-1.7.1-8.el7.ppc.rpm\nOpenEXR-devel-1.7.1-8.el7.ppc64.rpm\n\nppc64le:\nOpenEXR-1.7.1-8.el7.ppc64le.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.ppc64le.rpm\nOpenEXR-devel-1.7.1-8.el7.ppc64le.rpm\n\ns390x:\nOpenEXR-1.7.1-8.el7.s390x.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.s390.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.s390x.rpm\nOpenEXR-devel-1.7.1-8.el7.s390.rpm\nOpenEXR-devel-1.7.1-8.el7.s390x.rpm\n\nx86_64:\nOpenEXR-1.7.1-8.el7.x86_64.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.i686.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm\nOpenEXR-devel-1.7.1-8.el7.i686.rpm\nOpenEXR-devel-1.7.1-8.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nOpenEXR-1.7.1-8.el7.src.rpm\n\nx86_64:\nOpenEXR-debuginfo-1.7.1-8.el7.i686.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm\nOpenEXR-libs-1.7.1-8.el7.i686.rpm\nOpenEXR-libs-1.7.1-8.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nOpenEXR-1.7.1-8.el7.x86_64.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.i686.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm\nOpenEXR-devel-1.7.1-8.el7.i686.rpm\nOpenEXR-devel-1.7.1-8.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-11761\nhttps://access.redhat.com/security/cve/CVE-2020-11763\nhttps://access.redhat.com/security/cve/CVE-2020-11764\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX3OhUtzjgjWX9erEAQhyFQ/+J5Ul3SoJTvzk/7rqW/WA4GkT5/I6owm1\nBnhvO6tELbBul8250MCo/jaUukdjQ3bJ/ZdjmPFrPgNR7UrmIN0LQdAiDlMtnhIF\n7Ppw7RDniUBtv3Q2471W4FQxpeXKf+n5sqkq+blxZbeYLXI7Nya/2qKirO0dJ4M1\nbAl1exBJ4cSp+kuUOn8oBsGQi6L2oM6ldPf4KklMswOU69qDexywZNtvQVfANmur\nmNIx/9bmQG+WRlj941A1BFTsAdXsCyTc3qaBecC5iEFxKPkVlpfBhQJ+N6zxdKwj\nCtVftLiGpcuiWck6THkpPbQg9HWqtJI3tQyW5NUZFHhUnwvOw3SGKgN3ufsnS/tF\n9MsnwovV+6kuR/k1UWiDXuSZrdjEIOSz0We8oT5VhOKNkXcE0OY4yxLKpVTlP1HN\naM2OGkf3DiUdKEysSQ7yPa2tfimLYQS/XJo6w4FZPKapmOvF926/R7NgIIucvG4J\nU51DVzqGpkt40pK790wQLrwUZ/E+HYyeZpPJC8QrmJmPNXsXFEm4iYxjCIyaecKf\nhOlBFwy7mU6fuOLynrrfxeStoS0+zJFfYqdiKOfTpRoLozBqaA8Vt8VasOfOwGeY\nAr+nuTxwoQn3KCSGvHk533UkNyqKqpNDIfyqk3M8y8S5HjXvoMx9zxaN0ujT4/pB\nvySbS8H4PEI=P3yT\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.2.1-4.1+deb10u1. \n\nWe recommend that you upgrade your openexr packages. 
\n\nFor the detailed security status of openexr please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openexr\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9KkM8ACgkQEMKTtsN8\nTjYiCxAAqny8A+WbtYBonQ42ciQ2Hc1f90CI6l1Gp/ZK7RARL7+cLOHTh+hEniIG\nG6cwDGAwAgOtNPer+bT8Mwx6gF8bTii3nF5MMhiN22L7buzHruxsqpC+g94MeZHW\nvn6GpkTCPSHW5m4+O3pwrYDK3lr5ucNwPVegcXqtJuG0SrhY9VyTrtmzwtoP0YVx\nANOpJhCLNEU5vIdEpzIfdjAoM6nsGG/FDN5sP2B9sEB69s7dQXAX5ksuu4Rg71bo\nW7OjAWB+1MIuFT2blax4Z0qD9Nuiy252AM9MAzMmdBPsFnix0/E2lmyd2OGknUkY\nl+sq61TR7pA7AVbtLpLBy2fKFS/Jj1KTFI6J+GmZiOBGAzHrWevjyclYBRI0exVg\nzKnI2IdO9f0qdeTiZhtAcSEV8hb1mSoo0fPRM0ZGxdMV0MTNeOmj+doTTw+SlSJK\n3iyKUDgRy60JjQMq8gBaPSRl6tuTjEdFzbJLsFPvZVY5vQsy4KIuh024RrEjri0c\nR2oLvboIS2xddK+T/9NPc15vruZiUut0j/3EsBqbDn3hBXMpQb0NFv0kuC+uvmwZ\nUgxRA32shnjcUES8+TBqeB+cvMnukTlOfqQEY2VNhG//45gcQH6rEcf45W07XTGD\ndjd3v06+rkeUhfuZHL9OAOj2BowTrp9CRooWT1dufPPUkL1aoUY=\n=FDcC\n-----END PGP SIGNATURE-----\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-11764",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004074",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "VULHUB",
            id: "VHN-164375",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11764",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "159359",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
      ],
      trust: 2.61,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2020-11764",
            trust: 2.9,
         },
         {
            db: "PACKETSTORM",
            id: "163465",
            trust: 0.8,
         },
         {
            db: "PACKETSTORM",
            id: "159359",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004074",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-961",
            trust: 0.7,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.2985",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.1448",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.1816",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.3401",
            trust: 0.6,
         },
         {
            db: "NSFOCUS",
            id: "50010",
            trust: 0.6,
         },
         {
            db: "CS-HELP",
            id: "SB2021071101",
            trust: 0.6,
         },
         {
            db: "CS-HELP",
            id: "SB2021041363",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
            trust: 0.6,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-24157",
            trust: 0.1,
         },
         {
            db: "VULHUB",
            id: "VHN-164375",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2020-11764",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "168903",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164375",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11764",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004074",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "159359",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-961",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11764",
         },
      ],
   },
   id: "VAR-202004-0474",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164375",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-11-23T20:35:44.160000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "OpenEXR Release Notes",
            trust: 0.8,
            url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
         },
         {
            title: "AcademySoftwareFoundation/openexr",
            trust: 0.8,
            url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
         },
         {
            title: "Industrial Light and Magic OpenEXR Buffer error vulnerability fix",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=116442",
         },
         {
            title: "Red Hat: Moderate: OpenEXR security update",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204039 - Security Advisory",
         },
         {
            title: "Debian CVElist Bug Report Logs: openexr: CVE-2020-11758 CVE-2020-11759 CVE-2020-11760 CVE-2020-11761 CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=c611c9f78ad3458919de1d9728e6b32b",
         },
         {
            title: "Ubuntu Security Notice: openexr vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4339-1",
         },
         {
            title: "Debian Security Advisories: DSA-4755-1 openexr -- security update",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=9325b22b993ac0e61f53dccb8f346da4",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2020-11764",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004074",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-961",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-787",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164375",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004074",
         },
         {
            db: "NVD",
            id: "CVE-2020-11764",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.9,
            url: "https://security.gentoo.org/glsa/202107-27",
         },
         {
            trust: 1.9,
            url: "https://usn.ubuntu.com/4339-1/",
         },
         {
            trust: 1.8,
            url: "https://support.apple.com/kb/ht211288",
         },
         {
            trust: 1.8,
            url: "https://support.apple.com/kb/ht211289",
         },
         {
            trust: 1.8,
            url: "https://support.apple.com/kb/ht211290",
         },
         {
            trust: 1.8,
            url: "https://support.apple.com/kb/ht211291",
         },
         {
            trust: 1.8,
            url: "https://support.apple.com/kb/ht211293",
         },
         {
            trust: 1.8,
            url: "https://support.apple.com/kb/ht211294",
         },
         {
            trust: 1.8,
            url: "https://support.apple.com/kb/ht211295",
         },
         {
            trust: 1.8,
            url: "https://www.debian.org/security/2020/dsa-4755",
         },
         {
            trust: 1.8,
            url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
         },
         {
            trust: 1.8,
            url: "https://github.com/academysoftwarefoundation/openexr/blob/master/changes.md#version-241-february-11-2020",
         },
         {
            trust: 1.8,
            url: "https://github.com/academysoftwarefoundation/openexr/releases/tag/v2.4.1",
         },
         {
            trust: 1.8,
            url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
         },
         {
            trust: 1.8,
            url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
         },
         {
            trust: 1.7,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11764",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/f4kfgdqg5pvyau7ts5mz7xcs6empvii3/",
         },
         {
            trust: 0.8,
            url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/f4kfgdqg5pvyau7ts5mz7xcs6empvii3/",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11764",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.2985/",
         },
         {
            trust: 0.6,
            url: "https://support.apple.com/en-us/ht211291",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.1448/",
         },
         {
            trust: 0.6,
            url: "https://support.apple.com/en-us/ht211295",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.1816/",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/163465/gentoo-linux-security-advisory-202107-27.html",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/159359/red-hat-security-advisory-2020-4039-01.html",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.3401/",
         },
         {
            trust: 0.6,
            url: "https://vigilance.fr/vulnerability/openexr-multiple-vulnerabilities-32108",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021071101",
         },
         {
            trust: 0.6,
            url: "http://www.nsfocus.net/vulndb/50010",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021041363",
         },
         {
            trust: 0.3,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11761",
         },
         {
            trust: 0.3,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11763",
         },
         {
            trust: 0.2,
            url: "https://access.redhat.com/errata/rhsa-2020:4039",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-15305",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11765",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11758",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-15306",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11762",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11759",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11760",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/787.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3476",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3478",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-20296",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3479",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-15304",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3474",
         },
         {
            trust: 0.1,
            url: "https://security.gentoo.org/",
         },
         {
            trust: 0.1,
            url: "https://creativecommons.org/licenses/by-sa/2.5",
         },
         {
            trust: 0.1,
            url: "https://bugs.gentoo.org.",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3475",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3477",
         },
         {
            trust: 0.1,
            url: "https://www.redhat.com/mailman/listinfo/rhsa-announce",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2020-11764",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/articles/11258",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2020-11763",
         },
         {
            trust: 0.1,
            url: "https://bugzilla.redhat.com/):",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/team/key/",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2020-11761",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/updates/classification/#moderate",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/team/contact/",
         },
         {
            trust: 0.1,
            url: "https://security-tracker.debian.org/tracker/openexr",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9115",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/faq",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9113",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9111",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9114",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164375",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11764",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004074",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "159359",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-961",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11764",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-164375",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11764",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004074",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "159359",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-961",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11764",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-04-14T00:00:00",
            db: "VULHUB",
            id: "VHN-164375",
         },
         {
            date: "2020-04-14T00:00:00",
            db: "VULMON",
            id: "CVE-2020-11764",
         },
         {
            date: "2020-05-07T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-004074",
         },
         {
            date: "2021-07-12T15:22:22",
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            date: "2020-09-30T15:45:11",
            db: "PACKETSTORM",
            id: "159359",
         },
         {
            date: "2020-08-28T19:12:00",
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            date: "2020-04-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202004-961",
         },
         {
            date: "2021-04-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2020-04-14T23:15:12.480000",
            db: "NVD",
            id: "CVE-2020-11764",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-01-09T00:00:00",
            db: "VULHUB",
            id: "VHN-164375",
         },
         {
            date: "2021-07-11T00:00:00",
            db: "VULMON",
            id: "CVE-2020-11764",
         },
         {
            date: "2020-05-07T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-004074",
         },
         {
            date: "2022-11-17T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202004-961",
         },
         {
            date: "2021-04-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2024-11-21T04:58:33.673000",
            db: "NVD",
            id: "CVE-2020-11764",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202004-961",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Out-of-bounds write vulnerability in OpenEXR",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-004074",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "buffer error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202004-961",
         },
      ],
      trust: 0.6,
   },
}

var-202004-0469
Vulnerability from variot

An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer. OpenEXR contains an integer overflow vulnerability. It may be put into a denial-of-service (DoS) state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock in ILM OpenEXR versions prior to 2.4.1 have an input validation error vulnerability. The vulnerability stems from the failure of the network system or product to properly validate the input data.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202107-27

                                       https://security.gentoo.org/

Severity: Normal
Title: OpenEXR: Multiple vulnerabilities
Date: July 11, 2021
Bugs: #717474, #746794, #762862, #770229, #776808
ID: 202107-27

Synopsis

Multiple vulnerabilities have been found in OpenEXR, the worst of which could result in the arbitrary execution of code.

Background

OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 media-libs/openexr < 2.5.6 >= 2.5.6

Description

Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All OpenEXR users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/openexr-2.5.6"

References

[ 1 ] CVE-2020-11758
      https://nvd.nist.gov/vuln/detail/CVE-2020-11758
[ 2 ] CVE-2020-11759
      https://nvd.nist.gov/vuln/detail/CVE-2020-11759
[ 3 ] CVE-2020-11760
      https://nvd.nist.gov/vuln/detail/CVE-2020-11760
[ 4 ] CVE-2020-11761
      https://nvd.nist.gov/vuln/detail/CVE-2020-11761
[ 5 ] CVE-2020-11762
      https://nvd.nist.gov/vuln/detail/CVE-2020-11762
[ 6 ] CVE-2020-11763
      https://nvd.nist.gov/vuln/detail/CVE-2020-11763
[ 7 ] CVE-2020-11764
      https://nvd.nist.gov/vuln/detail/CVE-2020-11764
[ 8 ] CVE-2020-11765
      https://nvd.nist.gov/vuln/detail/CVE-2020-11765
[ 9 ] CVE-2020-15304
      https://nvd.nist.gov/vuln/detail/CVE-2020-15304
[ 10 ] CVE-2020-15305
       https://nvd.nist.gov/vuln/detail/CVE-2020-15305
[ 11 ] CVE-2020-15306
       https://nvd.nist.gov/vuln/detail/CVE-2020-15306
[ 12 ] CVE-2021-20296
       https://nvd.nist.gov/vuln/detail/CVE-2021-20296
[ 13 ] CVE-2021-3474
       https://nvd.nist.gov/vuln/detail/CVE-2021-3474
[ 14 ] CVE-2021-3475
       https://nvd.nist.gov/vuln/detail/CVE-2021-3475
[ 15 ] CVE-2021-3476
       https://nvd.nist.gov/vuln/detail/CVE-2021-3476
[ 16 ] CVE-2021-3477
       https://nvd.nist.gov/vuln/detail/CVE-2021-3477
[ 17 ] CVE-2021-3478
       https://nvd.nist.gov/vuln/detail/CVE-2021-3478
[ 18 ] CVE-2021-3479
       https://nvd.nist.gov/vuln/detail/CVE-2021-3479

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202107-27

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

.

For the stable distribution (buster), these problems have been fixed in version 2.2.1-4.1+deb10u1.

We recommend that you upgrade your openexr packages.

For the detailed security status of openexr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openexr

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9KkM8ACgkQEMKTtsN8 TjYiCxAAqny8A+WbtYBonQ42ciQ2Hc1f90CI6l1Gp/ZK7RARL7+cLOHTh+hEniIG G6cwDGAwAgOtNPer+bT8Mwx6gF8bTii3nF5MMhiN22L7buzHruxsqpC+g94MeZHW vn6GpkTCPSHW5m4+O3pwrYDK3lr5ucNwPVegcXqtJuG0SrhY9VyTrtmzwtoP0YVx ANOpJhCLNEU5vIdEpzIfdjAoM6nsGG/FDN5sP2B9sEB69s7dQXAX5ksuu4Rg71bo W7OjAWB+1MIuFT2blax4Z0qD9Nuiy252AM9MAzMmdBPsFnix0/E2lmyd2OGknUkY l+sq61TR7pA7AVbtLpLBy2fKFS/Jj1KTFI6J+GmZiOBGAzHrWevjyclYBRI0exVg zKnI2IdO9f0qdeTiZhtAcSEV8hb1mSoo0fPRM0ZGxdMV0MTNeOmj+doTTw+SlSJK 3iyKUDgRy60JjQMq8gBaPSRl6tuTjEdFzbJLsFPvZVY5vQsy4KIuh024RrEjri0c R2oLvboIS2xddK+T/9NPc15vruZiUut0j/3EsBqbDn3hBXMpQb0NFv0kuC+uvmwZ UgxRA32shnjcUES8+TBqeB+cvMnukTlOfqQEY2VNhG//45gcQH6rEcf45W07XTGD djd3v06+rkeUhfuZHL9OAOj2BowTrp9CRooWT1dufPPUkL1aoUY= =FDcC -----END PGP SIGNATURE-----



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0469",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "itunes",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "12.10.8",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "10.0",
         },
         {
            model: "icloud",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "7.20",
         },
         {
            model: "tvos",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.4.8",
         },
         {
            model: "mac os x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.15.6",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "18.04",
         },
         {
            model: "openexr",
            scope: "lt",
            trust: 1,
            vendor: "openexr",
            version: "2.4.1",
         },
         {
            model: "iphone os",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.6",
         },
         {
            model: "mac os x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.14.6",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "16.04",
         },
         {
            model: "ipados",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.6",
         },
         {
            model: "mac os x",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.15",
         },
         {
            model: "mac os x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.13.6",
         },
         {
            model: "mac os x",
            scope: "eq",
            trust: 1,
            vendor: "apple",
            version: "10.14.6",
         },
         {
            model: "mac os x",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.14.0",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "20.04",
         },
         {
            model: "mac os x",
            scope: "eq",
            trust: 1,
            vendor: "apple",
            version: "10.13.6",
         },
         {
            model: "mac os x",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.13.0",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "19.10",
         },
         {
            model: "fedora",
            scope: "eq",
            trust: 1,
            vendor: "fedoraproject",
            version: "32",
         },
         {
            model: "icloud",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.0",
         },
         {
            model: "watchos",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "6.2.8",
         },
         {
            model: "icloud",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "11.3",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "9.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.8,
            vendor: "openexr",
            version: "2.4.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.0.4",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.0.7",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.1.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.1.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.2.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.2.2",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.3.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.3.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.3.2",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.4.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.7.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.7.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.0.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.0.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.1.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.2.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.2.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.3.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.4.0",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2020-11759",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004027",
         },
         {
            db: "NVD",
            id: "CVE-2020-11759",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  cpe_match: [
                     {
                        cpe22Uri: "cpe:/a:openexr:openexr",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-004027",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Gentoo",
      sources: [
         {
            db: "PACKETSTORM",
            id: "163465",
         },
      ],
      trust: 0.1,
   },
   cve: "CVE-2020-11759",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "CVE-2020-11759",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 1.1,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 4.3,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-004027",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "VHN-164369",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:N/I:N/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 1.8,
                  id: "CVE-2020-11759",
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 5.5,
                  baseSeverity: "Medium",
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-004027",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2020-11759",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "NVD",
                  id: "JVNDB-2020-004027",
                  trust: 0.8,
                  value: "Medium",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202004-946",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202104-975",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-164369",
                  trust: 0.1,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2020-11759",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164369",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11759",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004027",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-946",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11759",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer. An integer overflow vulnerability exists in OpenEXR. It may be put into a service operation interruption (DoS) state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock in versions prior to ILM OpenEXR 2.4.1 have an input validation error vulnerability. The vulnerability stems from the failure of the network system or product to properly validate the input data. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202107-27\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenEXR: Multiple vulnerabilities\n     Date: July 11, 2021\n     Bugs: #717474, #746794, #762862, #770229, #776808\n       ID: 202107-27\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenEXR, the worst of which\ncould result in the arbitrary execution of code. \n\nBackground\n==========\n\nOpenEXR is a high dynamic-range (HDR) image file format developed by\nIndustrial Light & Magic for use in computer imaging applications. 
\n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  media-libs/openexr           < 2.5.6                    >= 2.5.6 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenEXR. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenEXR users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \">=media-libs/openexr-2.5.6\"\n\nReferences\n==========\n\n[  1 ] CVE-2020-11758\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11758\n[  2 ] CVE-2020-11759\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11759\n[  3 ] CVE-2020-11760\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11760\n[  4 ] CVE-2020-11761\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11761\n[  5 ] CVE-2020-11762\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11762\n[  6 ] CVE-2020-11763\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11763\n[  7 ] CVE-2020-11764\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11764\n[  8 ] CVE-2020-11765\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11765\n[  9 ] CVE-2020-15304\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15304\n[ 10 ] CVE-2020-15305\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15305\n[ 11 ] CVE-2020-15306\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15306\n[ 12 ] CVE-2021-20296\n       https://nvd.nist.gov/vuln/detail/CVE-2021-20296\n[ 13 ] CVE-2021-3474\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3474\n[ 14 ] CVE-2021-3475\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3475\n[ 15 ] CVE-2021-3476\n       
https://nvd.nist.gov/vuln/detail/CVE-2021-3476\n[ 16 ] CVE-2021-3477\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3477\n[ 17 ] CVE-2021-3478\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3478\n[ 18 ] CVE-2021-3479\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3479\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202107-27\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.2.1-4.1+deb10u1. \n\nWe recommend that you upgrade your openexr packages. 
\n\nFor the detailed security status of openexr please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openexr\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9KkM8ACgkQEMKTtsN8\nTjYiCxAAqny8A+WbtYBonQ42ciQ2Hc1f90CI6l1Gp/ZK7RARL7+cLOHTh+hEniIG\nG6cwDGAwAgOtNPer+bT8Mwx6gF8bTii3nF5MMhiN22L7buzHruxsqpC+g94MeZHW\nvn6GpkTCPSHW5m4+O3pwrYDK3lr5ucNwPVegcXqtJuG0SrhY9VyTrtmzwtoP0YVx\nANOpJhCLNEU5vIdEpzIfdjAoM6nsGG/FDN5sP2B9sEB69s7dQXAX5ksuu4Rg71bo\nW7OjAWB+1MIuFT2blax4Z0qD9Nuiy252AM9MAzMmdBPsFnix0/E2lmyd2OGknUkY\nl+sq61TR7pA7AVbtLpLBy2fKFS/Jj1KTFI6J+GmZiOBGAzHrWevjyclYBRI0exVg\nzKnI2IdO9f0qdeTiZhtAcSEV8hb1mSoo0fPRM0ZGxdMV0MTNeOmj+doTTw+SlSJK\n3iyKUDgRy60JjQMq8gBaPSRl6tuTjEdFzbJLsFPvZVY5vQsy4KIuh024RrEjri0c\nR2oLvboIS2xddK+T/9NPc15vruZiUut0j/3EsBqbDn3hBXMpQb0NFv0kuC+uvmwZ\nUgxRA32shnjcUES8+TBqeB+cvMnukTlOfqQEY2VNhG//45gcQH6rEcf45W07XTGD\ndjd3v06+rkeUhfuZHL9OAOj2BowTrp9CRooWT1dufPPUkL1aoUY=\n=FDcC\n-----END PGP SIGNATURE-----\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-11759",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004027",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "VULHUB",
            id: "VHN-164369",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11759",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
      ],
      trust: 2.52,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2020-11759",
            trust: 2.8,
         },
         {
            db: "PACKETSTORM",
            id: "163465",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004027",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-946",
            trust: 0.7,
         },
         {
            db: "CS-HELP",
            id: "SB2021071101",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.2985",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.1448",
            trust: 0.6,
         },
         {
            db: "NSFOCUS",
            id: "50014",
            trust: 0.6,
         },
         {
            db: "CS-HELP",
            id: "SB2021041363",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
            trust: 0.6,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-24152",
            trust: 0.1,
         },
         {
            db: "VULHUB",
            id: "VHN-164369",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2020-11759",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "168903",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164369",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11759",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004027",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-946",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11759",
         },
      ],
   },
   id: "VAR-202004-0469",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164369",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-11-23T20:14:04.003000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "OpenEXR Release Notes",
            trust: 0.8,
            url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
         },
         {
            title: "v2.4.1",
            trust: 0.8,
            url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
         },
         {
            title: "Industrial Light and Magic OpenEXR fix for the input validation error vulnerability",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=116436",
         },
         {
            title: "Debian CVElist Bug Report Logs: openexr: CVE-2020-11758 CVE-2020-11759 CVE-2020-11760 CVE-2020-11761 CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=c611c9f78ad3458919de1d9728e6b32b",
         },
         {
            title: "Ubuntu Security Notice: openexr vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4339-1",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2020-11759",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004027",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-946",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-190",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164369",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004027",
         },
         {
            db: "NVD",
            id: "CVE-2020-11759",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.9,
            url: "https://usn.ubuntu.com/4339-1/",
         },
         {
            trust: 1.8,
            url: "https://security.gentoo.org/glsa/202107-27",
         },
         {
            trust: 1.8,
            url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
         },
         {
            trust: 1.8,
            url: "https://github.com/academysoftwarefoundation/openexr/blob/master/changes.md#version-241-february-11-2020",
         },
         {
            trust: 1.8,
            url: "https://github.com/academysoftwarefoundation/openexr/releases/tag/v2.4.1",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211288",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211289",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211290",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211291",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211293",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211294",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211295",
         },
         {
            trust: 1.7,
            url: "https://www.debian.org/security/2020/dsa-4755",
         },
         {
            trust: 1.7,
            url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
         },
         {
            trust: 1.6,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11759",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/f4kfgdqg5pvyau7ts5mz7xcs6empvii3/",
         },
         {
            trust: 0.8,
            url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/f4kfgdqg5pvyau7ts5mz7xcs6empvii3/",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11759",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.2985/",
         },
         {
            trust: 0.6,
            url: "https://support.apple.com/en-us/ht211291",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.1448/",
         },
         {
            trust: 0.6,
            url: "https://support.apple.com/en-us/ht211295",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/163465/gentoo-linux-security-advisory-202107-27.html",
         },
         {
            trust: 0.6,
            url: "http://www.nsfocus.net/vulndb/50014",
         },
         {
            trust: 0.6,
            url: "https://vigilance.fr/vulnerability/openexr-multiple-vulnerabilities-32108",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021071101",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021041363",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11761",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-15305",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11765",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11763",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11758",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-15306",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11762",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11764",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11760",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/190.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3476",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3478",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-20296",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3479",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-15304",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3474",
         },
         {
            trust: 0.1,
            url: "https://security.gentoo.org/",
         },
         {
            trust: 0.1,
            url: "https://creativecommons.org/licenses/by-sa/2.5",
         },
         {
            trust: 0.1,
            url: "https://bugs.gentoo.org.",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3475",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3477",
         },
         {
            trust: 0.1,
            url: "https://security-tracker.debian.org/tracker/openexr",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9115",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/faq",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9113",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9111",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9114",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164369",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11759",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004027",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-946",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11759",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-164369",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11759",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004027",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-946",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11759",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-04-14T00:00:00",
            db: "VULHUB",
            id: "VHN-164369",
         },
         {
            date: "2020-04-14T00:00:00",
            db: "VULMON",
            id: "CVE-2020-11759",
         },
         {
            date: "2020-05-01T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-004027",
         },
         {
            date: "2021-07-12T15:22:22",
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            date: "2020-08-28T19:12:00",
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            date: "2020-04-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202004-946",
         },
         {
            date: "2021-04-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2020-04-14T23:15:12.217000",
            db: "NVD",
            id: "CVE-2020-11759",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-01-09T00:00:00",
            db: "VULHUB",
            id: "VHN-164369",
         },
         {
            date: "2020-09-09T00:00:00",
            db: "VULMON",
            id: "CVE-2020-11759",
         },
         {
            date: "2020-05-01T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-004027",
         },
         {
            date: "2022-11-17T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202004-946",
         },
         {
            date: "2021-04-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2024-11-21T04:58:32.637000",
            db: "NVD",
            id: "CVE-2020-11759",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202004-946",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "OpenEXR Integer overflow vulnerability in",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-004027",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "input validation error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202004-946",
         },
      ],
      trust: 0.6,
   },
}

var-202004-0470
Vulnerability from variot

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp. OpenEXR contains an out-of-bounds read vulnerability. It may be put into a service operation interruption (DoS) state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. A buffer error vulnerability exists in the 'rleUncompress' function of the ImfRle.cpp file in ILM OpenEXR versions prior to 2.4.1. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202107-27

                                       https://security.gentoo.org/

Severity: Normal Title: OpenEXR: Multiple vulnerabilities Date: July 11, 2021 Bugs: #717474, #746794, #762862, #770229, #776808 ID: 202107-27

Synopsis

Multiple vulnerabilities have been found in OpenEXR, the worst of which could result in the arbitrary execution of code.

Background

OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

  1  media-libs/openexr           < 2.5.6                    >= 2.5.6

Description

Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All OpenEXR users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/openexr-2.5.6"

References

[  1 ] CVE-2020-11758
       https://nvd.nist.gov/vuln/detail/CVE-2020-11758
[  2 ] CVE-2020-11759
       https://nvd.nist.gov/vuln/detail/CVE-2020-11759
[  3 ] CVE-2020-11760
       https://nvd.nist.gov/vuln/detail/CVE-2020-11760
[  4 ] CVE-2020-11761
       https://nvd.nist.gov/vuln/detail/CVE-2020-11761
[  5 ] CVE-2020-11762
       https://nvd.nist.gov/vuln/detail/CVE-2020-11762
[  6 ] CVE-2020-11763
       https://nvd.nist.gov/vuln/detail/CVE-2020-11763
[  7 ] CVE-2020-11764
       https://nvd.nist.gov/vuln/detail/CVE-2020-11764
[  8 ] CVE-2020-11765
       https://nvd.nist.gov/vuln/detail/CVE-2020-11765
[  9 ] CVE-2020-15304
       https://nvd.nist.gov/vuln/detail/CVE-2020-15304
[ 10 ] CVE-2020-15305
       https://nvd.nist.gov/vuln/detail/CVE-2020-15305
[ 11 ] CVE-2020-15306
       https://nvd.nist.gov/vuln/detail/CVE-2020-15306
[ 12 ] CVE-2021-20296
       https://nvd.nist.gov/vuln/detail/CVE-2021-20296
[ 13 ] CVE-2021-3474
       https://nvd.nist.gov/vuln/detail/CVE-2021-3474
[ 14 ] CVE-2021-3475
       https://nvd.nist.gov/vuln/detail/CVE-2021-3475
[ 15 ] CVE-2021-3476
       https://nvd.nist.gov/vuln/detail/CVE-2021-3476
[ 16 ] CVE-2021-3477
       https://nvd.nist.gov/vuln/detail/CVE-2021-3477
[ 17 ] CVE-2021-3478
       https://nvd.nist.gov/vuln/detail/CVE-2021-3478
[ 18 ] CVE-2021-3479
       https://nvd.nist.gov/vuln/detail/CVE-2021-3479

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202107-27

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

.

For the stable distribution (buster), these problems have been fixed in version 2.2.1-4.1+deb10u1.

We recommend that you upgrade your openexr packages.

For the detailed security status of openexr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openexr

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9KkM8ACgkQEMKTtsN8 TjYiCxAAqny8A+WbtYBonQ42ciQ2Hc1f90CI6l1Gp/ZK7RARL7+cLOHTh+hEniIG G6cwDGAwAgOtNPer+bT8Mwx6gF8bTii3nF5MMhiN22L7buzHruxsqpC+g94MeZHW vn6GpkTCPSHW5m4+O3pwrYDK3lr5ucNwPVegcXqtJuG0SrhY9VyTrtmzwtoP0YVx ANOpJhCLNEU5vIdEpzIfdjAoM6nsGG/FDN5sP2B9sEB69s7dQXAX5ksuu4Rg71bo W7OjAWB+1MIuFT2blax4Z0qD9Nuiy252AM9MAzMmdBPsFnix0/E2lmyd2OGknUkY l+sq61TR7pA7AVbtLpLBy2fKFS/Jj1KTFI6J+GmZiOBGAzHrWevjyclYBRI0exVg zKnI2IdO9f0qdeTiZhtAcSEV8hb1mSoo0fPRM0ZGxdMV0MTNeOmj+doTTw+SlSJK 3iyKUDgRy60JjQMq8gBaPSRl6tuTjEdFzbJLsFPvZVY5vQsy4KIuh024RrEjri0c R2oLvboIS2xddK+T/9NPc15vruZiUut0j/3EsBqbDn3hBXMpQb0NFv0kuC+uvmwZ UgxRA32shnjcUES8+TBqeB+cvMnukTlOfqQEY2VNhG//45gcQH6rEcf45W07XTGD djd3v06+rkeUhfuZHL9OAOj2BowTrp9CRooWT1dufPPUkL1aoUY= =FDcC -----END PGP SIGNATURE-----



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0470",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "itunes",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "12.10.8",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "10.0",
         },
         {
            model: "icloud",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "7.20",
         },
         {
            model: "tvos",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.4.8",
         },
         {
            model: "mac os x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.15.6",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "18.04",
         },
         {
            model: "openexr",
            scope: "lt",
            trust: 1,
            vendor: "openexr",
            version: "2.4.1",
         },
         {
            model: "iphone os",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.6",
         },
         {
            model: "mac os x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.14.6",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "16.04",
         },
         {
            model: "ipados",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.6",
         },
         {
            model: "mac os x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.13.6",
         },
         {
            model: "mac os x",
            scope: "eq",
            trust: 1,
            vendor: "apple",
            version: "10.14.6",
         },
         {
            model: "mac os x",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.14.0",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "20.04",
         },
         {
            model: "mac os x",
            scope: "eq",
            trust: 1,
            vendor: "apple",
            version: "10.13.6",
         },
         {
            model: "mac os x",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.13.0",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "19.10",
         },
         {
            model: "fedora",
            scope: "eq",
            trust: 1,
            vendor: "fedoraproject",
            version: "32",
         },
         {
            model: "icloud",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.0",
         },
         {
            model: "leap",
            scope: "eq",
            trust: 1,
            vendor: "opensuse",
            version: "15.1",
         },
         {
            model: "watchos",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "6.2.8",
         },
         {
            model: "icloud",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "11.3",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "9.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.8,
            vendor: "openexr",
            version: "2.4.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.0.4",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.0.7",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.1.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.1.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.2.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.2.2",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.3.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.3.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.3.2",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.4.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.7.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.7.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.0.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.0.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.1.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.2.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.2.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.3.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.4.0",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2020-11760",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004070",
         },
         {
            db: "NVD",
            id: "CVE-2020-11760",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  cpe_match: [
                     {
                        cpe22Uri: "cpe:/a:openexr:openexr",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-004070",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Gentoo",
      sources: [
         {
            db: "PACKETSTORM",
            id: "163465",
         },
      ],
      trust: 0.1,
   },
   cve: "CVE-2020-11760",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "CVE-2020-11760",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 1.1,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 4.3,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-004070",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "VHN-164371",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:N/I:N/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 1.8,
                  id: "CVE-2020-11760",
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 5.5,
                  baseSeverity: "Medium",
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-004070",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2020-11760",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "NVD",
                  id: "JVNDB-2020-004070",
                  trust: 0.8,
                  value: "Medium",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202004-948",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202104-975",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-164371",
                  trust: 0.1,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2020-11760",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164371",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11760",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004070",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-948",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11760",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp. OpenEXR Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A buffer error vulnerability exists in the 'rleUncompress' function of the ImfRle.cpp file in versions prior to LIM OpenEXR 2.4.1. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202107-27\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenEXR: Multiple vulnerabilities\n     Date: July 11, 2021\n     Bugs: #717474, #746794, #762862, #770229, #776808\n       ID: 202107-27\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenEXR, the worst of which\ncould result in the arbitrary execution of code. \n\nBackground\n==========\n\nOpenEXR is a high dynamic-range (HDR) image file format developed by\nIndustrial Light & Magic for use in computer imaging applications. 
\n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  media-libs/openexr           < 2.5.6                    >= 2.5.6 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenEXR. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenEXR users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \">=media-libs/openexr-2.5.6\"\n\nReferences\n==========\n\n[  1 ] CVE-2020-11758\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11758\n[  2 ] CVE-2020-11759\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11759\n[  3 ] CVE-2020-11760\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11760\n[  4 ] CVE-2020-11761\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11761\n[  5 ] CVE-2020-11762\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11762\n[  6 ] CVE-2020-11763\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11763\n[  7 ] CVE-2020-11764\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11764\n[  8 ] CVE-2020-11765\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11765\n[  9 ] CVE-2020-15304\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15304\n[ 10 ] CVE-2020-15305\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15305\n[ 11 ] CVE-2020-15306\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15306\n[ 12 ] CVE-2021-20296\n       https://nvd.nist.gov/vuln/detail/CVE-2021-20296\n[ 13 ] CVE-2021-3474\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3474\n[ 14 ] CVE-2021-3475\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3475\n[ 15 ] CVE-2021-3476\n       
https://nvd.nist.gov/vuln/detail/CVE-2021-3476\n[ 16 ] CVE-2021-3477\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3477\n[ 17 ] CVE-2021-3478\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3478\n[ 18 ] CVE-2021-3479\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3479\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202107-27\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.2.1-4.1+deb10u1. \n\nWe recommend that you upgrade your openexr packages. 
\n\nFor the detailed security status of openexr please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openexr\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9KkM8ACgkQEMKTtsN8\nTjYiCxAAqny8A+WbtYBonQ42ciQ2Hc1f90CI6l1Gp/ZK7RARL7+cLOHTh+hEniIG\nG6cwDGAwAgOtNPer+bT8Mwx6gF8bTii3nF5MMhiN22L7buzHruxsqpC+g94MeZHW\nvn6GpkTCPSHW5m4+O3pwrYDK3lr5ucNwPVegcXqtJuG0SrhY9VyTrtmzwtoP0YVx\nANOpJhCLNEU5vIdEpzIfdjAoM6nsGG/FDN5sP2B9sEB69s7dQXAX5ksuu4Rg71bo\nW7OjAWB+1MIuFT2blax4Z0qD9Nuiy252AM9MAzMmdBPsFnix0/E2lmyd2OGknUkY\nl+sq61TR7pA7AVbtLpLBy2fKFS/Jj1KTFI6J+GmZiOBGAzHrWevjyclYBRI0exVg\nzKnI2IdO9f0qdeTiZhtAcSEV8hb1mSoo0fPRM0ZGxdMV0MTNeOmj+doTTw+SlSJK\n3iyKUDgRy60JjQMq8gBaPSRl6tuTjEdFzbJLsFPvZVY5vQsy4KIuh024RrEjri0c\nR2oLvboIS2xddK+T/9NPc15vruZiUut0j/3EsBqbDn3hBXMpQb0NFv0kuC+uvmwZ\nUgxRA32shnjcUES8+TBqeB+cvMnukTlOfqQEY2VNhG//45gcQH6rEcf45W07XTGD\ndjd3v06+rkeUhfuZHL9OAOj2BowTrp9CRooWT1dufPPUkL1aoUY=\n=FDcC\n-----END PGP SIGNATURE-----\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-11760",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004070",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "VULHUB",
            id: "VHN-164371",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11760",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
      ],
      trust: 2.52,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2020-11760",
            trust: 2.8,
         },
         {
            db: "PACKETSTORM",
            id: "163465",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004070",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-948",
            trust: 0.7,
         },
         {
            db: "CS-HELP",
            id: "SB2021071101",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.1816",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.2985",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.1448",
            trust: 0.6,
         },
         {
            db: "NSFOCUS",
            id: "50013",
            trust: 0.6,
         },
         {
            db: "CS-HELP",
            id: "SB2021041363",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
            trust: 0.6,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-24153",
            trust: 0.1,
         },
         {
            db: "VULHUB",
            id: "VHN-164371",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2020-11760",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "168903",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164371",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11760",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004070",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-948",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11760",
         },
      ],
   },
   id: "VAR-202004-0470",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164371",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-11-23T19:25:34.406000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "OpenEXR Release Notes",
            trust: 0.8,
            url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
         },
         {
            title: "AcademySoftwareFoundation/openexr",
            trust: 0.8,
            url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
         },
         {
            title: "Industrial Light and Magic OpenEXR Buffer error vulnerability fix",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=116437",
         },
         {
            title: "Debian CVElist Bug Report Logs: openexr: CVE-2020-11758 CVE-2020-11759 CVE-2020-11760 CVE-2020-11761 CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=c611c9f78ad3458919de1d9728e6b32b",
         },
         {
            title: "Ubuntu Security Notice: openexr vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4339-1",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2020-11760",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004070",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-948",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-125",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164371",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004070",
         },
         {
            db: "NVD",
            id: "CVE-2020-11760",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.9,
            url: "https://usn.ubuntu.com/4339-1/",
         },
         {
            trust: 1.8,
            url: "https://security.gentoo.org/glsa/202107-27",
         },
         {
            trust: 1.8,
            url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
         },
         {
            trust: 1.8,
            url: "https://github.com/academysoftwarefoundation/openexr/blob/master/changes.md#version-241-february-11-2020",
         },
         {
            trust: 1.8,
            url: "https://github.com/academysoftwarefoundation/openexr/releases/tag/v2.4.1",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211288",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211289",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211290",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211291",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211293",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211294",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211295",
         },
         {
            trust: 1.7,
            url: "https://www.debian.org/security/2020/dsa-4755",
         },
         {
            trust: 1.7,
            url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
         },
         {
            trust: 1.7,
            url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
         },
         {
            trust: 1.6,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11760",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/f4kfgdqg5pvyau7ts5mz7xcs6empvii3/",
         },
         {
            trust: 0.8,
            url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/f4kfgdqg5pvyau7ts5mz7xcs6empvii3/",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11760",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.2985/",
         },
         {
            trust: 0.6,
            url: "https://support.apple.com/en-us/ht211291",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.1448/",
         },
         {
            trust: 0.6,
            url: "https://support.apple.com/en-us/ht211295",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.1816/",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/163465/gentoo-linux-security-advisory-202107-27.html",
         },
         {
            trust: 0.6,
            url: "http://www.nsfocus.net/vulndb/50013",
         },
         {
            trust: 0.6,
            url: "https://vigilance.fr/vulnerability/openexr-multiple-vulnerabilities-32108",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021071101",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021041363",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11761",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-15305",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11765",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11763",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11758",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-15306",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11762",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11764",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11759",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/125.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3476",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3478",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-20296",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3479",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-15304",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3474",
         },
         {
            trust: 0.1,
            url: "https://security.gentoo.org/",
         },
         {
            trust: 0.1,
            url: "https://creativecommons.org/licenses/by-sa/2.5",
         },
         {
            trust: 0.1,
            url: "https://bugs.gentoo.org.",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3475",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3477",
         },
         {
            trust: 0.1,
            url: "https://security-tracker.debian.org/tracker/openexr",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9115",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/faq",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9113",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9111",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9114",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164371",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11760",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004070",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-948",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11760",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-164371",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11760",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004070",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-948",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11760",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-04-14T00:00:00",
            db: "VULHUB",
            id: "VHN-164371",
         },
         {
            date: "2020-04-14T00:00:00",
            db: "VULMON",
            id: "CVE-2020-11760",
         },
         {
            date: "2020-05-07T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-004070",
         },
         {
            date: "2021-07-12T15:22:22",
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            date: "2020-08-28T19:12:00",
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            date: "2020-04-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202004-948",
         },
         {
            date: "2021-04-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2020-04-14T23:15:12.277000",
            db: "NVD",
            id: "CVE-2020-11760",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-01-09T00:00:00",
            db: "VULHUB",
            id: "VHN-164371",
         },
         {
            date: "2020-09-09T00:00:00",
            db: "VULMON",
            id: "CVE-2020-11760",
         },
         {
            date: "2020-05-07T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-004070",
         },
         {
            date: "2022-11-17T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202004-948",
         },
         {
            date: "2021-04-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2024-11-21T04:58:32.837000",
            db: "NVD",
            id: "CVE-2020-11760",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202004-948",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Out-of-bounds read vulnerability in OpenEXR",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-004070",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "buffer error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202004-948",
         },
      ],
      trust: 0.6,
   },
}

var-202004-0471
Vulnerability from variot

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. OpenEXR contains an out-of-bounds read vulnerability. It may be put into a service operation interruption (DoS) state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. A buffer error vulnerability exists in the 'FastHufDecoder::refill' function of the ImfFastHuf.cpp file in ILM OpenEXR versions prior to 2.4.1. This vulnerability stems from incorrect verification of data boundaries when the network system or product performs operations on memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202107-27

                                       https://security.gentoo.org/

Severity: Normal
Title: OpenEXR: Multiple vulnerabilities
Date: July 11, 2021
Bugs: #717474, #746794, #762862, #770229, #776808
ID: 202107-27

Synopsis

Multiple vulnerabilities have been found in OpenEXR, the worst of which could result in the arbitrary execution of code.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 media-libs/openexr < 2.5.6 >= 2.5.6

Description

Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All OpenEXR users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/openexr-2.5.6"

References

[ 1 ] CVE-2020-11758 https://nvd.nist.gov/vuln/detail/CVE-2020-11758
[ 2 ] CVE-2020-11759 https://nvd.nist.gov/vuln/detail/CVE-2020-11759
[ 3 ] CVE-2020-11760 https://nvd.nist.gov/vuln/detail/CVE-2020-11760
[ 4 ] CVE-2020-11761 https://nvd.nist.gov/vuln/detail/CVE-2020-11761
[ 5 ] CVE-2020-11762 https://nvd.nist.gov/vuln/detail/CVE-2020-11762
[ 6 ] CVE-2020-11763 https://nvd.nist.gov/vuln/detail/CVE-2020-11763
[ 7 ] CVE-2020-11764 https://nvd.nist.gov/vuln/detail/CVE-2020-11764
[ 8 ] CVE-2020-11765 https://nvd.nist.gov/vuln/detail/CVE-2020-11765
[ 9 ] CVE-2020-15304 https://nvd.nist.gov/vuln/detail/CVE-2020-15304
[ 10 ] CVE-2020-15305 https://nvd.nist.gov/vuln/detail/CVE-2020-15305
[ 11 ] CVE-2020-15306 https://nvd.nist.gov/vuln/detail/CVE-2020-15306
[ 12 ] CVE-2021-20296 https://nvd.nist.gov/vuln/detail/CVE-2021-20296
[ 13 ] CVE-2021-3474 https://nvd.nist.gov/vuln/detail/CVE-2021-3474
[ 14 ] CVE-2021-3475 https://nvd.nist.gov/vuln/detail/CVE-2021-3475
[ 15 ] CVE-2021-3476 https://nvd.nist.gov/vuln/detail/CVE-2021-3476
[ 16 ] CVE-2021-3477 https://nvd.nist.gov/vuln/detail/CVE-2021-3477
[ 17 ] CVE-2021-3478 https://nvd.nist.gov/vuln/detail/CVE-2021-3478
[ 18 ] CVE-2021-3479 https://nvd.nist.gov/vuln/detail/CVE-2021-3479

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202107-27

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: OpenEXR security update
Advisory ID: RHSA-2020:4039-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4039
Issue date: 2020-09-29
CVE Names: CVE-2020-11761 CVE-2020-11763 CVE-2020-11764
====================================================================
1. Summary:

An update for OpenEXR is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications. This package contains libraries and sample applications for handling the format.

Security Fix(es):

  • OpenEXR: out-of-bounds read during Huffman uncompression (CVE-2020-11761)

  • OpenEXR: std::vector out-of-bounds read and write in ImfTileOffsets.cpp (CVE-2020-11763)

  • OpenEXR: out-of-bounds write in copyIntoFrameBuffer function in ImfMisc.cpp (CVE-2020-11764)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: OpenEXR-1.7.1-8.el7.src.rpm

x86_64: OpenEXR-debuginfo-1.7.1-8.el7.i686.rpm OpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm OpenEXR-libs-1.7.1-8.el7.i686.rpm OpenEXR-libs-1.7.1-8.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: OpenEXR-1.7.1-8.el7.x86_64.rpm OpenEXR-debuginfo-1.7.1-8.el7.i686.rpm OpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm OpenEXR-devel-1.7.1-8.el7.i686.rpm OpenEXR-devel-1.7.1-8.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: OpenEXR-1.7.1-8.el7.src.rpm

x86_64: OpenEXR-debuginfo-1.7.1-8.el7.i686.rpm OpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm OpenEXR-libs-1.7.1-8.el7.i686.rpm OpenEXR-libs-1.7.1-8.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: OpenEXR-1.7.1-8.el7.x86_64.rpm OpenEXR-debuginfo-1.7.1-8.el7.i686.rpm OpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm OpenEXR-devel-1.7.1-8.el7.i686.rpm OpenEXR-devel-1.7.1-8.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: OpenEXR-1.7.1-8.el7.src.rpm

ppc64: OpenEXR-debuginfo-1.7.1-8.el7.ppc.rpm OpenEXR-debuginfo-1.7.1-8.el7.ppc64.rpm OpenEXR-libs-1.7.1-8.el7.ppc.rpm OpenEXR-libs-1.7.1-8.el7.ppc64.rpm

ppc64le: OpenEXR-debuginfo-1.7.1-8.el7.ppc64le.rpm OpenEXR-libs-1.7.1-8.el7.ppc64le.rpm

s390x: OpenEXR-debuginfo-1.7.1-8.el7.s390.rpm OpenEXR-debuginfo-1.7.1-8.el7.s390x.rpm OpenEXR-libs-1.7.1-8.el7.s390.rpm OpenEXR-libs-1.7.1-8.el7.s390x.rpm

x86_64: OpenEXR-debuginfo-1.7.1-8.el7.i686.rpm OpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm OpenEXR-libs-1.7.1-8.el7.i686.rpm OpenEXR-libs-1.7.1-8.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: OpenEXR-1.7.1-8.el7.ppc64.rpm OpenEXR-debuginfo-1.7.1-8.el7.ppc.rpm OpenEXR-debuginfo-1.7.1-8.el7.ppc64.rpm OpenEXR-devel-1.7.1-8.el7.ppc.rpm OpenEXR-devel-1.7.1-8.el7.ppc64.rpm

ppc64le: OpenEXR-1.7.1-8.el7.ppc64le.rpm OpenEXR-debuginfo-1.7.1-8.el7.ppc64le.rpm OpenEXR-devel-1.7.1-8.el7.ppc64le.rpm

s390x: OpenEXR-1.7.1-8.el7.s390x.rpm OpenEXR-debuginfo-1.7.1-8.el7.s390.rpm OpenEXR-debuginfo-1.7.1-8.el7.s390x.rpm OpenEXR-devel-1.7.1-8.el7.s390.rpm OpenEXR-devel-1.7.1-8.el7.s390x.rpm

x86_64: OpenEXR-1.7.1-8.el7.x86_64.rpm OpenEXR-debuginfo-1.7.1-8.el7.i686.rpm OpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm OpenEXR-devel-1.7.1-8.el7.i686.rpm OpenEXR-devel-1.7.1-8.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: OpenEXR-1.7.1-8.el7.src.rpm

x86_64: OpenEXR-debuginfo-1.7.1-8.el7.i686.rpm OpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm OpenEXR-libs-1.7.1-8.el7.i686.rpm OpenEXR-libs-1.7.1-8.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: OpenEXR-1.7.1-8.el7.x86_64.rpm OpenEXR-debuginfo-1.7.1-8.el7.i686.rpm OpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm OpenEXR-devel-1.7.1-8.el7.i686.rpm OpenEXR-devel-1.7.1-8.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2020-11761 https://access.redhat.com/security/cve/CVE-2020-11763 https://access.redhat.com/security/cve/CVE-2020-11764 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBX3OhUtzjgjWX9erEAQhyFQ/+J5Ul3SoJTvzk/7rqW/WA4GkT5/I6owm1 BnhvO6tELbBul8250MCo/jaUukdjQ3bJ/ZdjmPFrPgNR7UrmIN0LQdAiDlMtnhIF 7Ppw7RDniUBtv3Q2471W4FQxpeXKf+n5sqkq+blxZbeYLXI7Nya/2qKirO0dJ4M1 bAl1exBJ4cSp+kuUOn8oBsGQi6L2oM6ldPf4KklMswOU69qDexywZNtvQVfANmur mNIx/9bmQG+WRlj941A1BFTsAdXsCyTc3qaBecC5iEFxKPkVlpfBhQJ+N6zxdKwj CtVftLiGpcuiWck6THkpPbQg9HWqtJI3tQyW5NUZFHhUnwvOw3SGKgN3ufsnS/tF 9MsnwovV+6kuR/k1UWiDXuSZrdjEIOSz0We8oT5VhOKNkXcE0OY4yxLKpVTlP1HN aM2OGkf3DiUdKEysSQ7yPa2tfimLYQS/XJo6w4FZPKapmOvF926/R7NgIIucvG4J U51DVzqGpkt40pK790wQLrwUZ/E+HYyeZpPJC8QrmJmPNXsXFEm4iYxjCIyaecKf hOlBFwy7mU6fuOLynrrfxeStoS0+zJFfYqdiKOfTpRoLozBqaA8Vt8VasOfOwGeY Ar+nuTxwoQn3KCSGvHk533UkNyqKqpNDIfyqk3M8y8S5HjXvoMx9zxaN0ujT4/pB vySbS8H4PEI=P3yT -----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

.

==========================================================================
Ubuntu Security Notice USN-4339-1
April 27, 2020

openexr vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.04
  • Ubuntu 19.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in OpenEXR.

Software Description: - openexr: tools for the OpenEXR image format

Details:

Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2017-9111, CVE-2017-9113, CVE-2017-9115)

Tan Jie discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2018-18444)

Samuel Groß discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764)

It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service. (CVE-2020-11765)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04: libopenexr24 2.3.0-6ubuntu0.1 openexr 2.3.0-6ubuntu0.1

Ubuntu 19.10: libopenexr23 2.2.1-4.1ubuntu1.1 openexr 2.2.1-4.1ubuntu1.1

Ubuntu 18.04 LTS: libopenexr22 2.2.0-11.1ubuntu1.2 openexr 2.2.0-11.1ubuntu1.2

Ubuntu 16.04 LTS: libopenexr22 2.2.0-10ubuntu2.2 openexr 2.2.0-10ubuntu2.2

In general, a standard system update will make all the necessary changes.

For the stable distribution (buster), these problems have been fixed in version 2.2.1-4.1+deb10u1.

We recommend that you upgrade your openexr packages.

For the detailed security status of openexr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openexr

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9KkM8ACgkQEMKTtsN8 TjYiCxAAqny8A+WbtYBonQ42ciQ2Hc1f90CI6l1Gp/ZK7RARL7+cLOHTh+hEniIG G6cwDGAwAgOtNPer+bT8Mwx6gF8bTii3nF5MMhiN22L7buzHruxsqpC+g94MeZHW vn6GpkTCPSHW5m4+O3pwrYDK3lr5ucNwPVegcXqtJuG0SrhY9VyTrtmzwtoP0YVx ANOpJhCLNEU5vIdEpzIfdjAoM6nsGG/FDN5sP2B9sEB69s7dQXAX5ksuu4Rg71bo W7OjAWB+1MIuFT2blax4Z0qD9Nuiy252AM9MAzMmdBPsFnix0/E2lmyd2OGknUkY l+sq61TR7pA7AVbtLpLBy2fKFS/Jj1KTFI6J+GmZiOBGAzHrWevjyclYBRI0exVg zKnI2IdO9f0qdeTiZhtAcSEV8hb1mSoo0fPRM0ZGxdMV0MTNeOmj+doTTw+SlSJK 3iyKUDgRy60JjQMq8gBaPSRl6tuTjEdFzbJLsFPvZVY5vQsy4KIuh024RrEjri0c R2oLvboIS2xddK+T/9NPc15vruZiUut0j/3EsBqbDn3hBXMpQb0NFv0kuC+uvmwZ UgxRA32shnjcUES8+TBqeB+cvMnukTlOfqQEY2VNhG//45gcQH6rEcf45W07XTGD djd3v06+rkeUhfuZHL9OAOj2BowTrp9CRooWT1dufPPUkL1aoUY= =FDcC -----END PGP SIGNATURE-----



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0471",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "itunes",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "12.10.8",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "10.0",
         },
         {
            model: "icloud",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "7.20",
         },
         {
            model: "tvos",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.4.8",
         },
         {
            model: "mac os x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.15.6",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "18.04",
         },
         {
            model: "openexr",
            scope: "lt",
            trust: 1,
            vendor: "openexr",
            version: "2.4.1",
         },
         {
            model: "iphone os",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.6",
         },
         {
            model: "mac os x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.14.6",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "16.04",
         },
         {
            model: "ipados",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.6",
         },
         {
            model: "mac os x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.13.6",
         },
         {
            model: "mac os x",
            scope: "eq",
            trust: 1,
            vendor: "apple",
            version: "10.14.6",
         },
         {
            model: "mac os x",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.14.0",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "20.04",
         },
         {
            model: "mac os x",
            scope: "eq",
            trust: 1,
            vendor: "apple",
            version: "10.13.6",
         },
         {
            model: "mac os x",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.13.0",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "19.10",
         },
         {
            model: "fedora",
            scope: "eq",
            trust: 1,
            vendor: "fedoraproject",
            version: "32",
         },
         {
            model: "icloud",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.0",
         },
         {
            model: "watchos",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "6.2.8",
         },
         {
            model: "icloud",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "11.3",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "9.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.8,
            vendor: "openexr",
            version: "2.4.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.0.4",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.0.7",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.1.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.1.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.2.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.2.2",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.3.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.3.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.3.2",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.4.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.7.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.7.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.0.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.0.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.1.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.2.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.2.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.3.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.4.0",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2020-11761",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004071",
         },
         {
            db: "NVD",
            id: "CVE-2020-11761",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  cpe_match: [
                     {
                        cpe22Uri: "cpe:/a:openexr:openexr",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-004071",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Red Hat",
      sources: [
         {
            db: "PACKETSTORM",
            id: "159359",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-952",
         },
      ],
      trust: 0.7,
   },
   cve: "CVE-2020-11761",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "CVE-2020-11761",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 1.1,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 4.3,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-004071",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "VHN-164372",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:N/I:N/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 1.8,
                  id: "CVE-2020-11761",
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 5.5,
                  baseSeverity: "Medium",
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-004071",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2020-11761",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "NVD",
                  id: "JVNDB-2020-004071",
                  trust: 0.8,
                  value: "Medium",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202004-952",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202104-975",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-164372",
                  trust: 0.1,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2020-11761",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164372",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11761",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004071",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-952",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11761",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. OpenEXR Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A buffer error vulnerability exists in the 'FastHufDecoder::refill' function of the ImfFastHuf.cpp file in LIM OpenEXR versions prior to 2.4.1. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202107-27\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenEXR: Multiple vulnerabilities\n     Date: July 11, 2021\n     Bugs: #717474, #746794, #762862, #770229, #776808\n       ID: 202107-27\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenEXR, the worst of which\ncould result in the arbitrary execution of code. 
\n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  media-libs/openexr           < 2.5.6                    >= 2.5.6 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenEXR. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenEXR users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \">=media-libs/openexr-2.5.6\"\n\nReferences\n==========\n\n[  1 ] CVE-2020-11758\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11758\n[  2 ] CVE-2020-11759\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11759\n[  3 ] CVE-2020-11760\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11760\n[  4 ] CVE-2020-11761\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11761\n[  5 ] CVE-2020-11762\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11762\n[  6 ] CVE-2020-11763\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11763\n[  7 ] CVE-2020-11764\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11764\n[  8 ] CVE-2020-11765\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11765\n[  9 ] CVE-2020-15304\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15304\n[ 10 ] CVE-2020-15305\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15305\n[ 11 ] CVE-2020-15306\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15306\n[ 12 ] CVE-2021-20296\n       https://nvd.nist.gov/vuln/detail/CVE-2021-20296\n[ 13 ] CVE-2021-3474\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3474\n[ 14 ] CVE-2021-3475\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3475\n[ 15 ] CVE-2021-3476\n       
https://nvd.nist.gov/vuln/detail/CVE-2021-3476\n[ 16 ] CVE-2021-3477\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3477\n[ 17 ] CVE-2021-3478\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3478\n[ 18 ] CVE-2021-3479\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3479\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202107-27\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: OpenEXR security update\nAdvisory ID:       RHSA-2020:4039-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:4039\nIssue date:        2020-09-29\nCVE Names:         CVE-2020-11761 CVE-2020-11763 CVE-2020-11764\n====================================================================\n1. Summary:\n\nAn update for OpenEXR is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. 
Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenEXR is a high dynamic-range (HDR) image file format developed by\nIndustrial Light & Magic for use in computer imaging applications. This\npackage contains libraries and sample applications for handling the format. \n\nSecurity Fix(es):\n\n* OpenEXR: out-of-bounds read during Huffman uncompression (CVE-2020-11761)\n\n* OpenEXR: std::vector out-of-bounds read and write in ImfTileOffsets.cpp\n(CVE-2020-11763)\n\n* OpenEXR: out-of-bounds write in copyIntoFrameBuffer function in\nImfMisc.cpp (CVE-2020-11764)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.9 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nOpenEXR-1.7.1-8.el7.src.rpm\n\nx86_64:\nOpenEXR-debuginfo-1.7.1-8.el7.i686.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm\nOpenEXR-libs-1.7.1-8.el7.i686.rpm\nOpenEXR-libs-1.7.1-8.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 
7):\n\nx86_64:\nOpenEXR-1.7.1-8.el7.x86_64.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.i686.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm\nOpenEXR-devel-1.7.1-8.el7.i686.rpm\nOpenEXR-devel-1.7.1-8.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nOpenEXR-1.7.1-8.el7.src.rpm\n\nx86_64:\nOpenEXR-debuginfo-1.7.1-8.el7.i686.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm\nOpenEXR-libs-1.7.1-8.el7.i686.rpm\nOpenEXR-libs-1.7.1-8.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nOpenEXR-1.7.1-8.el7.x86_64.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.i686.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm\nOpenEXR-devel-1.7.1-8.el7.i686.rpm\nOpenEXR-devel-1.7.1-8.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nOpenEXR-1.7.1-8.el7.src.rpm\n\nppc64:\nOpenEXR-debuginfo-1.7.1-8.el7.ppc.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.ppc64.rpm\nOpenEXR-libs-1.7.1-8.el7.ppc.rpm\nOpenEXR-libs-1.7.1-8.el7.ppc64.rpm\n\nppc64le:\nOpenEXR-debuginfo-1.7.1-8.el7.ppc64le.rpm\nOpenEXR-libs-1.7.1-8.el7.ppc64le.rpm\n\ns390x:\nOpenEXR-debuginfo-1.7.1-8.el7.s390.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.s390x.rpm\nOpenEXR-libs-1.7.1-8.el7.s390.rpm\nOpenEXR-libs-1.7.1-8.el7.s390x.rpm\n\nx86_64:\nOpenEXR-debuginfo-1.7.1-8.el7.i686.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm\nOpenEXR-libs-1.7.1-8.el7.i686.rpm\nOpenEXR-libs-1.7.1-8.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 
7):\n\nppc64:\nOpenEXR-1.7.1-8.el7.ppc64.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.ppc.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.ppc64.rpm\nOpenEXR-devel-1.7.1-8.el7.ppc.rpm\nOpenEXR-devel-1.7.1-8.el7.ppc64.rpm\n\nppc64le:\nOpenEXR-1.7.1-8.el7.ppc64le.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.ppc64le.rpm\nOpenEXR-devel-1.7.1-8.el7.ppc64le.rpm\n\ns390x:\nOpenEXR-1.7.1-8.el7.s390x.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.s390.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.s390x.rpm\nOpenEXR-devel-1.7.1-8.el7.s390.rpm\nOpenEXR-devel-1.7.1-8.el7.s390x.rpm\n\nx86_64:\nOpenEXR-1.7.1-8.el7.x86_64.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.i686.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm\nOpenEXR-devel-1.7.1-8.el7.i686.rpm\nOpenEXR-devel-1.7.1-8.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nOpenEXR-1.7.1-8.el7.src.rpm\n\nx86_64:\nOpenEXR-debuginfo-1.7.1-8.el7.i686.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm\nOpenEXR-libs-1.7.1-8.el7.i686.rpm\nOpenEXR-libs-1.7.1-8.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nOpenEXR-1.7.1-8.el7.x86_64.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.i686.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm\nOpenEXR-devel-1.7.1-8.el7.i686.rpm\nOpenEXR-devel-1.7.1-8.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-11761\nhttps://access.redhat.com/security/cve/CVE-2020-11763\nhttps://access.redhat.com/security/cve/CVE-2020-11764\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX3OhUtzjgjWX9erEAQhyFQ/+J5Ul3SoJTvzk/7rqW/WA4GkT5/I6owm1\nBnhvO6tELbBul8250MCo/jaUukdjQ3bJ/ZdjmPFrPgNR7UrmIN0LQdAiDlMtnhIF\n7Ppw7RDniUBtv3Q2471W4FQxpeXKf+n5sqkq+blxZbeYLXI7Nya/2qKirO0dJ4M1\nbAl1exBJ4cSp+kuUOn8oBsGQi6L2oM6ldPf4KklMswOU69qDexywZNtvQVfANmur\nmNIx/9bmQG+WRlj941A1BFTsAdXsCyTc3qaBecC5iEFxKPkVlpfBhQJ+N6zxdKwj\nCtVftLiGpcuiWck6THkpPbQg9HWqtJI3tQyW5NUZFHhUnwvOw3SGKgN3ufsnS/tF\n9MsnwovV+6kuR/k1UWiDXuSZrdjEIOSz0We8oT5VhOKNkXcE0OY4yxLKpVTlP1HN\naM2OGkf3DiUdKEysSQ7yPa2tfimLYQS/XJo6w4FZPKapmOvF926/R7NgIIucvG4J\nU51DVzqGpkt40pK790wQLrwUZ/E+HYyeZpPJC8QrmJmPNXsXFEm4iYxjCIyaecKf\nhOlBFwy7mU6fuOLynrrfxeStoS0+zJFfYqdiKOfTpRoLozBqaA8Vt8VasOfOwGeY\nAr+nuTxwoQn3KCSGvHk533UkNyqKqpNDIfyqk3M8y8S5HjXvoMx9zxaN0ujT4/pB\nvySbS8H4PEI=P3yT\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-4339-1\nApril 27, 2020\n\nopenexr vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04\n- Ubuntu 19.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenEXR. \n\nSoftware Description:\n- openexr: tools for the OpenEXR image format\n\nDetails:\n\nBrandon Perry discovered that OpenEXR incorrectly handled certain malformed\nEXR image files. If a user were tricked into opening a crafted EXR image\nfile, a remote attacker could cause a denial of service, or possibly\nexecute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. \n(CVE-2017-9111, CVE-2017-9113, CVE-2017-9115)\n\nTan Jie discovered that OpenEXR incorrectly handled certain malformed EXR\nimage files. 
If a user were tricked into opening a crafted EXR image file,\na remote attacker could cause a denial of service, or possibly execute\narbitrary code. This issue only applied to Ubuntu 20.04 LTS. \n(CVE-2018-18444)\n\nSamuel Groß discovered that OpenEXR incorrectly handled certain malformed\nEXR image files. If a user were tricked into opening a crafted EXR image\nfile, a remote attacker could cause a denial of service, or possibly\nexecute arbitrary code. (CVE-2020-11758, CVE-2020-11759, CVE-2020-11760,\nCVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764)\n\nIt was discovered that OpenEXR incorrectly handled certain malformed EXR\nimage files. If a user were tricked into opening a crafted EXR image\nfile, a remote attacker could cause a denial of service. (CVE-2020-11765)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04:\n  libopenexr24                    2.3.0-6ubuntu0.1\n  openexr                         2.3.0-6ubuntu0.1\n\nUbuntu 19.10:\n  libopenexr23                    2.2.1-4.1ubuntu1.1\n  openexr                         2.2.1-4.1ubuntu1.1\n\nUbuntu 18.04 LTS:\n  libopenexr22                    2.2.0-11.1ubuntu1.2\n  openexr                         2.2.0-11.1ubuntu1.2\n\nUbuntu 16.04 LTS:\n  libopenexr22                    2.2.0-10ubuntu2.2\n  openexr                         2.2.0-10ubuntu2.2\n\nIn general, a standard system update will make all the necessary changes. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.2.1-4.1+deb10u1. \n\nWe recommend that you upgrade your openexr packages. 
\n\nFor the detailed security status of openexr please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openexr\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9KkM8ACgkQEMKTtsN8\nTjYiCxAAqny8A+WbtYBonQ42ciQ2Hc1f90CI6l1Gp/ZK7RARL7+cLOHTh+hEniIG\nG6cwDGAwAgOtNPer+bT8Mwx6gF8bTii3nF5MMhiN22L7buzHruxsqpC+g94MeZHW\nvn6GpkTCPSHW5m4+O3pwrYDK3lr5ucNwPVegcXqtJuG0SrhY9VyTrtmzwtoP0YVx\nANOpJhCLNEU5vIdEpzIfdjAoM6nsGG/FDN5sP2B9sEB69s7dQXAX5ksuu4Rg71bo\nW7OjAWB+1MIuFT2blax4Z0qD9Nuiy252AM9MAzMmdBPsFnix0/E2lmyd2OGknUkY\nl+sq61TR7pA7AVbtLpLBy2fKFS/Jj1KTFI6J+GmZiOBGAzHrWevjyclYBRI0exVg\nzKnI2IdO9f0qdeTiZhtAcSEV8hb1mSoo0fPRM0ZGxdMV0MTNeOmj+doTTw+SlSJK\n3iyKUDgRy60JjQMq8gBaPSRl6tuTjEdFzbJLsFPvZVY5vQsy4KIuh024RrEjri0c\nR2oLvboIS2xddK+T/9NPc15vruZiUut0j/3EsBqbDn3hBXMpQb0NFv0kuC+uvmwZ\nUgxRA32shnjcUES8+TBqeB+cvMnukTlOfqQEY2VNhG//45gcQH6rEcf45W07XTGD\ndjd3v06+rkeUhfuZHL9OAOj2BowTrp9CRooWT1dufPPUkL1aoUY=\n=FDcC\n-----END PGP SIGNATURE-----\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-11761",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004071",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "VULHUB",
            id: "VHN-164372",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11761",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "159359",
         },
         {
            db: "PACKETSTORM",
            id: "157403",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
      ],
      trust: 2.7,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2020-11761",
            trust: 3,
         },
         {
            db: "PACKETSTORM",
            id: "163465",
            trust: 0.8,
         },
         {
            db: "PACKETSTORM",
            id: "159359",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004071",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-952",
            trust: 0.7,
         },
         {
            db: "PACKETSTORM",
            id: "157403",
            trust: 0.7,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.2985",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.1448",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.1816",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.3401",
            trust: 0.6,
         },
         {
            db: "CS-HELP",
            id: "SB2021071101",
            trust: 0.6,
         },
         {
            db: "NSFOCUS",
            id: "50012",
            trust: 0.6,
         },
         {
            db: "CS-HELP",
            id: "SB2021041363",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
            trust: 0.6,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-24154",
            trust: 0.1,
         },
         {
            db: "VULHUB",
            id: "VHN-164372",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2020-11761",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "168903",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164372",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11761",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004071",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "159359",
         },
         {
            db: "PACKETSTORM",
            id: "157403",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-952",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11761",
         },
      ],
   },
   id: "VAR-202004-0471",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164372",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-11-23T20:59:07.730000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "OpenEXR Release Notes",
            trust: 0.8,
            url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
         },
         {
            title: "AcademySoftwareFoundation/openexr",
            trust: 0.8,
            url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
         },
         {
            title: "Industrial Light and Magic OpenEXR Buffer error vulnerability fix",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=116439",
         },
         {
            title: "Debian CVElist Bug Report Logs: openexr: CVE-2020-11758 CVE-2020-11759 CVE-2020-11760 CVE-2020-11761 CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=c611c9f78ad3458919de1d9728e6b32b",
         },
         {
            title: "Ubuntu Security Notice: openexr vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4339-1",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2020-11761",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004071",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-952",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-125",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164372",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004071",
         },
         {
            db: "NVD",
            id: "CVE-2020-11761",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.9,
            url: "https://usn.ubuntu.com/4339-1/",
         },
         {
            trust: 1.8,
            url: "https://security.gentoo.org/glsa/202107-27",
         },
         {
            trust: 1.8,
            url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
         },
         {
            trust: 1.8,
            url: "https://github.com/academysoftwarefoundation/openexr/blob/master/changes.md#version-241-february-11-2020",
         },
         {
            trust: 1.8,
            url: "https://github.com/academysoftwarefoundation/openexr/releases/tag/v2.4.1",
         },
         {
            trust: 1.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11761",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211288",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211289",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211290",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211291",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211293",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211294",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211295",
         },
         {
            trust: 1.7,
            url: "https://www.debian.org/security/2020/dsa-4755",
         },
         {
            trust: 1.7,
            url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
         },
         {
            trust: 1.7,
            url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/f4kfgdqg5pvyau7ts5mz7xcs6empvii3/",
         },
         {
            trust: 0.8,
            url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/f4kfgdqg5pvyau7ts5mz7xcs6empvii3/",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11761",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.1448/",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/163465/gentoo-linux-security-advisory-202107-27.html",
         },
         {
            trust: 0.6,
            url: "http://www.nsfocus.net/vulndb/50012",
         },
         {
            trust: 0.6,
            url: "https://vigilance.fr/vulnerability/openexr-multiple-vulnerabilities-32108",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021071101",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.2985/",
         },
         {
            trust: 0.6,
            url: "https://support.apple.com/en-us/ht211291",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/157403/ubuntu-security-notice-usn-4339-1.html",
         },
         {
            trust: 0.6,
            url: "https://support.apple.com/en-us/ht211295",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.1816/",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/159359/red-hat-security-advisory-2020-4039-01.html",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.3401/",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021041363",
         },
         {
            trust: 0.3,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11765",
         },
         {
            trust: 0.3,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11763",
         },
         {
            trust: 0.3,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11758",
         },
         {
            trust: 0.3,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11762",
         },
         {
            trust: 0.3,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11764",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-15305",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-15306",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11759",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11760",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9111",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/125.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3476",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3478",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-20296",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3479",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-15304",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3474",
         },
         {
            trust: 0.1,
            url: "https://security.gentoo.org/",
         },
         {
            trust: 0.1,
            url: "https://creativecommons.org/licenses/by-sa/2.5",
         },
         {
            trust: 0.1,
            url: "https://bugs.gentoo.org.",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3475",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3477",
         },
         {
            trust: 0.1,
            url: "https://www.redhat.com/mailman/listinfo/rhsa-announce",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2020-11764",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/errata/rhsa-2020:4039",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/articles/11258",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2020-11763",
         },
         {
            trust: 0.1,
            url: "https://bugzilla.redhat.com/):",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/team/key/",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2020-11761",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/updates/classification/#moderate",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/team/contact/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-18444",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openexr/2.3.0-6ubuntu0.1",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openexr/2.2.0-10ubuntu2.2",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openexr/2.2.1-4.1ubuntu1.1",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openexr/2.2.0-11.1ubuntu1.2",
         },
         {
            trust: 0.1,
            url: "https://usn.ubuntu.com/4339-1",
         },
         {
            trust: 0.1,
            url: "https://security-tracker.debian.org/tracker/openexr",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9115",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/faq",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9113",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9114",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164372",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11761",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004071",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "159359",
         },
         {
            db: "PACKETSTORM",
            id: "157403",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-952",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11761",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-164372",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11761",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004071",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "159359",
         },
         {
            db: "PACKETSTORM",
            id: "157403",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-952",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11761",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-04-14T00:00:00",
            db: "VULHUB",
            id: "VHN-164372",
         },
         {
            date: "2020-04-14T00:00:00",
            db: "VULMON",
            id: "CVE-2020-11761",
         },
         {
            date: "2020-05-07T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-004071",
         },
         {
            date: "2021-07-12T15:22:22",
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            date: "2020-09-30T15:45:11",
            db: "PACKETSTORM",
            id: "159359",
         },
         {
            date: "2020-04-27T15:19:30",
            db: "PACKETSTORM",
            id: "157403",
         },
         {
            date: "2020-08-28T19:12:00",
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            date: "2020-04-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202004-952",
         },
         {
            date: "2021-04-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2020-04-14T23:15:12.327000",
            db: "NVD",
            id: "CVE-2020-11761",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-01-09T00:00:00",
            db: "VULHUB",
            id: "VHN-164372",
         },
         {
            date: "2020-09-09T00:00:00",
            db: "VULMON",
            id: "CVE-2020-11761",
         },
         {
            date: "2020-05-07T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-004071",
         },
         {
            date: "2022-11-17T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202004-952",
         },
         {
            date: "2021-04-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2024-11-21T04:58:33.050000",
            db: "NVD",
            id: "CVE-2020-11761",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202004-952",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "OpenEXR Out-of-bounds read vulnerability in",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-004071",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "buffer error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202004-952",
         },
      ],
      trust: 0.6,
   },
}

var-202004-0472
Vulnerability from variot

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case. OpenEXR contains vulnerabilities related to out-of-bounds writes and out-of-bounds reads. The affected service may be put into a denial-of-service (DoS) state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A buffer error vulnerability exists in the 'DwaCompressor::uncompress' function of the ImfDwaCompressor.cpp file in ILM OpenEXR versions prior to 2.4.1. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202107-27

                                       https://security.gentoo.org/

Severity: Normal
Title: OpenEXR: Multiple vulnerabilities
Date: July 11, 2021
Bugs: #717474, #746794, #762862, #770229, #776808
ID: 202107-27

Synopsis

Multiple vulnerabilities have been found in OpenEXR, the worst of which could result in the arbitrary execution of code.

Background

OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

  1  media-libs/openexr         < 2.5.6                    >= 2.5.6

Description

Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All OpenEXR users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/openexr-2.5.6"

References

[ 1 ] CVE-2020-11758 https://nvd.nist.gov/vuln/detail/CVE-2020-11758
[ 2 ] CVE-2020-11759 https://nvd.nist.gov/vuln/detail/CVE-2020-11759
[ 3 ] CVE-2020-11760 https://nvd.nist.gov/vuln/detail/CVE-2020-11760
[ 4 ] CVE-2020-11761 https://nvd.nist.gov/vuln/detail/CVE-2020-11761
[ 5 ] CVE-2020-11762 https://nvd.nist.gov/vuln/detail/CVE-2020-11762
[ 6 ] CVE-2020-11763 https://nvd.nist.gov/vuln/detail/CVE-2020-11763
[ 7 ] CVE-2020-11764 https://nvd.nist.gov/vuln/detail/CVE-2020-11764
[ 8 ] CVE-2020-11765 https://nvd.nist.gov/vuln/detail/CVE-2020-11765
[ 9 ] CVE-2020-15304 https://nvd.nist.gov/vuln/detail/CVE-2020-15304
[ 10 ] CVE-2020-15305 https://nvd.nist.gov/vuln/detail/CVE-2020-15305
[ 11 ] CVE-2020-15306 https://nvd.nist.gov/vuln/detail/CVE-2020-15306
[ 12 ] CVE-2021-20296 https://nvd.nist.gov/vuln/detail/CVE-2021-20296
[ 13 ] CVE-2021-3474 https://nvd.nist.gov/vuln/detail/CVE-2021-3474
[ 14 ] CVE-2021-3475 https://nvd.nist.gov/vuln/detail/CVE-2021-3475
[ 15 ] CVE-2021-3476 https://nvd.nist.gov/vuln/detail/CVE-2021-3476
[ 16 ] CVE-2021-3477 https://nvd.nist.gov/vuln/detail/CVE-2021-3477
[ 17 ] CVE-2021-3478 https://nvd.nist.gov/vuln/detail/CVE-2021-3478
[ 18 ] CVE-2021-3479 https://nvd.nist.gov/vuln/detail/CVE-2021-3479

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202107-27

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

. ========================================================================== Ubuntu Security Notice USN-4339-1 April 27, 2020

openexr vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.04
  • Ubuntu 19.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in OpenEXR.

Software Description: - openexr: tools for the OpenEXR image format

Details:

Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2017-9111, CVE-2017-9113, CVE-2017-9115)

Tan Jie discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2018-18444)

Samuel Groß discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764)

It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service. (CVE-2020-11765)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04:
  libopenexr24                    2.3.0-6ubuntu0.1
  openexr                         2.3.0-6ubuntu0.1

Ubuntu 19.10:
  libopenexr23                    2.2.1-4.1ubuntu1.1
  openexr                         2.2.1-4.1ubuntu1.1

Ubuntu 18.04 LTS:
  libopenexr22                    2.2.0-11.1ubuntu1.2
  openexr                         2.2.0-11.1ubuntu1.2

Ubuntu 16.04 LTS:
  libopenexr22                    2.2.0-10ubuntu2.2
  openexr                         2.2.0-10ubuntu2.2

In general, a standard system update will make all the necessary changes.

References: https://usn.ubuntu.com/4339-1 CVE-2017-9111, CVE-2017-9113, CVE-2017-9115, CVE-2018-18444, CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764, CVE-2020-11765

Package Information: https://launchpad.net/ubuntu/+source/openexr/2.3.0-6ubuntu0.1 https://launchpad.net/ubuntu/+source/openexr/2.2.1-4.1ubuntu1.1 https://launchpad.net/ubuntu/+source/openexr/2.2.0-11.1ubuntu1.2 https://launchpad.net/ubuntu/+source/openexr/2.2.0-10ubuntu2.2

.

For the stable distribution (buster), these problems have been fixed in version 2.2.1-4.1+deb10u1.

We recommend that you upgrade your openexr packages.

For the detailed security status of openexr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openexr

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9KkM8ACgkQEMKTtsN8 TjYiCxAAqny8A+WbtYBonQ42ciQ2Hc1f90CI6l1Gp/ZK7RARL7+cLOHTh+hEniIG G6cwDGAwAgOtNPer+bT8Mwx6gF8bTii3nF5MMhiN22L7buzHruxsqpC+g94MeZHW vn6GpkTCPSHW5m4+O3pwrYDK3lr5ucNwPVegcXqtJuG0SrhY9VyTrtmzwtoP0YVx ANOpJhCLNEU5vIdEpzIfdjAoM6nsGG/FDN5sP2B9sEB69s7dQXAX5ksuu4Rg71bo W7OjAWB+1MIuFT2blax4Z0qD9Nuiy252AM9MAzMmdBPsFnix0/E2lmyd2OGknUkY l+sq61TR7pA7AVbtLpLBy2fKFS/Jj1KTFI6J+GmZiOBGAzHrWevjyclYBRI0exVg zKnI2IdO9f0qdeTiZhtAcSEV8hb1mSoo0fPRM0ZGxdMV0MTNeOmj+doTTw+SlSJK 3iyKUDgRy60JjQMq8gBaPSRl6tuTjEdFzbJLsFPvZVY5vQsy4KIuh024RrEjri0c R2oLvboIS2xddK+T/9NPc15vruZiUut0j/3EsBqbDn3hBXMpQb0NFv0kuC+uvmwZ UgxRA32shnjcUES8+TBqeB+cvMnukTlOfqQEY2VNhG//45gcQH6rEcf45W07XTGD djd3v06+rkeUhfuZHL9OAOj2BowTrp9CRooWT1dufPPUkL1aoUY= =FDcC -----END PGP SIGNATURE-----



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0472",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "itunes",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "12.10.8",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "10.0",
         },
         {
            model: "icloud",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "7.20",
         },
         {
            model: "tvos",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.4.8",
         },
         {
            model: "mac os x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.15.6",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "18.04",
         },
         {
            model: "openexr",
            scope: "lt",
            trust: 1,
            vendor: "openexr",
            version: "2.4.1",
         },
         {
            model: "iphone os",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.6",
         },
         {
            model: "mac os x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.14.6",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "16.04",
         },
         {
            model: "ipados",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.6",
         },
         {
            model: "mac os x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.13.6",
         },
         {
            model: "mac os x",
            scope: "eq",
            trust: 1,
            vendor: "apple",
            version: "10.14.6",
         },
         {
            model: "mac os x",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.14.0",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "20.04",
         },
         {
            model: "mac os x",
            scope: "eq",
            trust: 1,
            vendor: "apple",
            version: "10.13.6",
         },
         {
            model: "mac os x",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.13.0",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "19.10",
         },
         {
            model: "fedora",
            scope: "eq",
            trust: 1,
            vendor: "fedoraproject",
            version: "32",
         },
         {
            model: "icloud",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.0",
         },
         {
            model: "leap",
            scope: "eq",
            trust: 1,
            vendor: "opensuse",
            version: "15.1",
         },
         {
            model: "watchos",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "6.2.8",
         },
         {
            model: "icloud",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "11.3",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "9.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.8,
            vendor: "openexr",
            version: "2.4.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.0.4",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.0.7",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.1.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.1.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.2.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.2.2",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.3.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.3.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.3.2",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.4.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.7.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.7.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.0.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.0.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.1.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.2.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.2.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.3.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.4.0",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2020-11762",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004072",
         },
         {
            db: "NVD",
            id: "CVE-2020-11762",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  cpe_match: [
                     {
                        cpe22Uri: "cpe:/a:openexr:openexr",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-004072",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Ubuntu",
      sources: [
         {
            db: "PACKETSTORM",
            id: "157403",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-955",
         },
      ],
      trust: 0.7,
   },
   cve: "CVE-2020-11762",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "CVE-2020-11762",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 1.1,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 4.3,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-004072",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "VHN-164373",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:N/I:N/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 1.8,
                  id: "CVE-2020-11762",
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 5.5,
                  baseSeverity: "Medium",
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-004072",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2020-11762",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "NVD",
                  id: "JVNDB-2020-004072",
                  trust: 0.8,
                  value: "Medium",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202004-955",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202104-975",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-164373",
                  trust: 0.1,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2020-11762",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164373",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11762",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004072",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-955",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11762",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case. OpenEXR contains vulnerabilities related to out-of-bounds writes and out-of-bounds reads. The affected software may be put into a service-interruption (DoS) state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements. A buffer error vulnerability exists in the 'DwaCompressor::uncompress' function of the ImfDwaCompressor.cpp file in ILM OpenEXR versions prior to 2.4.1. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202107-27\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenEXR: Multiple vulnerabilities\n     Date: July 11, 2021\n     Bugs: #717474, #746794, #762862, #770229, #776808\n       ID: 202107-27\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenEXR, the worst of which\ncould result in the arbitrary execution of code. \n\nBackground\n==========\n\nOpenEXR is a high dynamic-range (HDR) image file format developed by\nIndustrial Light & Magic for use in computer imaging applications. 
\n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  media-libs/openexr           < 2.5.6                    >= 2.5.6 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenEXR. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenEXR users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \">=media-libs/openexr-2.5.6\"\n\nReferences\n==========\n\n[  1 ] CVE-2020-11758\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11758\n[  2 ] CVE-2020-11759\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11759\n[  3 ] CVE-2020-11760\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11760\n[  4 ] CVE-2020-11761\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11761\n[  5 ] CVE-2020-11762\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11762\n[  6 ] CVE-2020-11763\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11763\n[  7 ] CVE-2020-11764\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11764\n[  8 ] CVE-2020-11765\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11765\n[  9 ] CVE-2020-15304\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15304\n[ 10 ] CVE-2020-15305\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15305\n[ 11 ] CVE-2020-15306\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15306\n[ 12 ] CVE-2021-20296\n       https://nvd.nist.gov/vuln/detail/CVE-2021-20296\n[ 13 ] CVE-2021-3474\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3474\n[ 14 ] CVE-2021-3475\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3475\n[ 15 ] CVE-2021-3476\n       
https://nvd.nist.gov/vuln/detail/CVE-2021-3476\n[ 16 ] CVE-2021-3477\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3477\n[ 17 ] CVE-2021-3478\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3478\n[ 18 ] CVE-2021-3479\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3479\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202107-27\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. ==========================================================================\nUbuntu Security Notice USN-4339-1\nApril 27, 2020\n\nopenexr vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04\n- Ubuntu 19.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenEXR. \n\nSoftware Description:\n- openexr: tools for the OpenEXR image format\n\nDetails:\n\nBrandon Perry discovered that OpenEXR incorrectly handled certain malformed\nEXR image files. If a user were tricked into opening a crafted EXR image\nfile, a remote attacker could cause a denial of service, or possibly\nexecute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. \n(CVE-2017-9111, CVE-2017-9113, CVE-2017-9115)\n\nTan Jie discovered that OpenEXR incorrectly handled certain malformed EXR\nimage files. 
If a user were tricked into opening a crafted EXR image file,\na remote attacker could cause a denial of service, or possibly execute\narbitrary code. This issue only applied to Ubuntu 20.04 LTS. \n(CVE-2018-18444)\n\nSamuel Groß discovered that OpenEXR incorrectly handled certain malformed\nEXR image files. If a user were tricked into opening a crafted EXR image\nfile, a remote attacker could cause a denial of service, or possibly\nexecute arbitrary code. (CVE-2020-11758, CVE-2020-11759, CVE-2020-11760,\nCVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764)\n\nIt was discovered that OpenEXR incorrectly handled certain malformed EXR\nimage files. If a user were tricked into opening a crafted EXR image\nfile, a remote attacker could cause a denial of service. (CVE-2020-11765)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04:\n  libopenexr24                    2.3.0-6ubuntu0.1\n  openexr                         2.3.0-6ubuntu0.1\n\nUbuntu 19.10:\n  libopenexr23                    2.2.1-4.1ubuntu1.1\n  openexr                         2.2.1-4.1ubuntu1.1\n\nUbuntu 18.04 LTS:\n  libopenexr22                    2.2.0-11.1ubuntu1.2\n  openexr                         2.2.0-11.1ubuntu1.2\n\nUbuntu 16.04 LTS:\n  libopenexr22                    2.2.0-10ubuntu2.2\n  openexr                         2.2.0-10ubuntu2.2\n\nIn general, a standard system update will make all the necessary changes. 
\n\nReferences:\n  https://usn.ubuntu.com/4339-1\n  CVE-2017-9111, CVE-2017-9113, CVE-2017-9115, CVE-2018-18444,\n  CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761,\n  CVE-2020-11762, CVE-2020-11763, CVE-2020-11764, CVE-2020-11765\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/openexr/2.3.0-6ubuntu0.1\n  https://launchpad.net/ubuntu/+source/openexr/2.2.1-4.1ubuntu1.1\n  https://launchpad.net/ubuntu/+source/openexr/2.2.0-11.1ubuntu1.2\n  https://launchpad.net/ubuntu/+source/openexr/2.2.0-10ubuntu2.2\n\n. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.2.1-4.1+deb10u1. \n\nWe recommend that you upgrade your openexr packages. \n\nFor the detailed security status of openexr please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openexr\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9KkM8ACgkQEMKTtsN8\nTjYiCxAAqny8A+WbtYBonQ42ciQ2Hc1f90CI6l1Gp/ZK7RARL7+cLOHTh+hEniIG\nG6cwDGAwAgOtNPer+bT8Mwx6gF8bTii3nF5MMhiN22L7buzHruxsqpC+g94MeZHW\nvn6GpkTCPSHW5m4+O3pwrYDK3lr5ucNwPVegcXqtJuG0SrhY9VyTrtmzwtoP0YVx\nANOpJhCLNEU5vIdEpzIfdjAoM6nsGG/FDN5sP2B9sEB69s7dQXAX5ksuu4Rg71bo\nW7OjAWB+1MIuFT2blax4Z0qD9Nuiy252AM9MAzMmdBPsFnix0/E2lmyd2OGknUkY\nl+sq61TR7pA7AVbtLpLBy2fKFS/Jj1KTFI6J+GmZiOBGAzHrWevjyclYBRI0exVg\nzKnI2IdO9f0qdeTiZhtAcSEV8hb1mSoo0fPRM0ZGxdMV0MTNeOmj+doTTw+SlSJK\n3iyKUDgRy60JjQMq8gBaPSRl6tuTjEdFzbJLsFPvZVY5vQsy4KIuh024RrEjri0c\nR2oLvboIS2xddK+T/9NPc15vruZiUut0j/3EsBqbDn3hBXMpQb0NFv0kuC+uvmwZ\nUgxRA32shnjcUES8+TBqeB+cvMnukTlOfqQEY2VNhG//45gcQH6rEcf45W07XTGD\ndjd3v06+rkeUhfuZHL9OAOj2BowTrp9CRooWT1dufPPUkL1aoUY=\n=FDcC\n-----END PGP SIGNATURE-----\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-11762",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004072",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "VULHUB",
            id: "VHN-164373",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11762",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "157403",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
      ],
      trust: 2.61,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2020-11762",
            trust: 2.9,
         },
         {
            db: "PACKETSTORM",
            id: "163465",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004072",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-955",
            trust: 0.7,
         },
         {
            db: "PACKETSTORM",
            id: "157403",
            trust: 0.7,
         },
         {
            db: "CS-HELP",
            id: "SB2021071101",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.1816",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.2985",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.1448",
            trust: 0.6,
         },
         {
            db: "NSFOCUS",
            id: "50003",
            trust: 0.6,
         },
         {
            db: "CS-HELP",
            id: "SB2021041363",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
            trust: 0.6,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-24155",
            trust: 0.1,
         },
         {
            db: "VULHUB",
            id: "VHN-164373",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2020-11762",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "168903",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164373",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11762",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004072",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "157403",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-955",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11762",
         },
      ],
   },
   id: "VAR-202004-0472",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164373",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-11-23T19:30:40.322000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "OpenEXR Release Notes",
            trust: 0.8,
            url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
         },
         {
            title: "AcademySoftwareFoundation/openexr",
            trust: 0.8,
            url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
         },
         {
            title: "Industrial Light and Magic OpenEXR Buffer error vulnerability fix",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=116440",
         },
         {
            title: "Debian CVElist Bug Report Logs: openexr: CVE-2020-11758 CVE-2020-11759 CVE-2020-11760 CVE-2020-11761 CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=c611c9f78ad3458919de1d9728e6b32b",
         },
         {
            title: "Ubuntu Security Notice: openexr vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4339-1",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2020-11762",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004072",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-955",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-125",
            trust: 1.9,
         },
         {
            problemtype: "CWE-787",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164373",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004072",
         },
         {
            db: "NVD",
            id: "CVE-2020-11762",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.9,
            url: "https://usn.ubuntu.com/4339-1/",
         },
         {
            trust: 1.8,
            url: "https://security.gentoo.org/glsa/202107-27",
         },
         {
            trust: 1.8,
            url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
         },
         {
            trust: 1.8,
            url: "https://github.com/academysoftwarefoundation/openexr/blob/master/changes.md#version-241-february-11-2020",
         },
         {
            trust: 1.8,
            url: "https://github.com/academysoftwarefoundation/openexr/releases/tag/v2.4.1",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211288",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211289",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211290",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211291",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211293",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211294",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211295",
         },
         {
            trust: 1.7,
            url: "https://www.debian.org/security/2020/dsa-4755",
         },
         {
            trust: 1.7,
            url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
         },
         {
            trust: 1.7,
            url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
         },
         {
            trust: 1.7,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11762",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/f4kfgdqg5pvyau7ts5mz7xcs6empvii3/",
         },
         {
            trust: 0.8,
            url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/f4kfgdqg5pvyau7ts5mz7xcs6empvii3/",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11762",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.2985/",
         },
         {
            trust: 0.6,
            url: "https://support.apple.com/en-us/ht211291",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/157403/ubuntu-security-notice-usn-4339-1.html",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.1448/",
         },
         {
            trust: 0.6,
            url: "https://support.apple.com/en-us/ht211295",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.1816/",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/163465/gentoo-linux-security-advisory-202107-27.html",
         },
         {
            trust: 0.6,
            url: "http://www.nsfocus.net/vulndb/50003",
         },
         {
            trust: 0.6,
            url: "https://vigilance.fr/vulnerability/openexr-multiple-vulnerabilities-32108",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021071101",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021041363",
         },
         {
            trust: 0.3,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11761",
         },
         {
            trust: 0.3,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11765",
         },
         {
            trust: 0.3,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11758",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-15305",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11763",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-15306",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11764",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11759",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11760",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9111",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/787.html",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/125.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3476",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3478",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-20296",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3479",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-15304",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3474",
         },
         {
            trust: 0.1,
            url: "https://security.gentoo.org/",
         },
         {
            trust: 0.1,
            url: "https://creativecommons.org/licenses/by-sa/2.5",
         },
         {
            trust: 0.1,
            url: "https://bugs.gentoo.org.",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3475",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3477",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-18444",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openexr/2.3.0-6ubuntu0.1",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openexr/2.2.0-10ubuntu2.2",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openexr/2.2.1-4.1ubuntu1.1",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openexr/2.2.0-11.1ubuntu1.2",
         },
         {
            trust: 0.1,
            url: "https://usn.ubuntu.com/4339-1",
         },
         {
            trust: 0.1,
            url: "https://security-tracker.debian.org/tracker/openexr",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9115",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/faq",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9113",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9114",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164373",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11762",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004072",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "157403",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-955",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11762",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-164373",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11762",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004072",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "157403",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-955",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11762",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-04-14T00:00:00",
            db: "VULHUB",
            id: "VHN-164373",
         },
         {
            date: "2020-04-14T00:00:00",
            db: "VULMON",
            id: "CVE-2020-11762",
         },
         {
            date: "2020-05-07T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-004072",
         },
         {
            date: "2021-07-12T15:22:22",
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            date: "2020-04-27T15:19:30",
            db: "PACKETSTORM",
            id: "157403",
         },
         {
            date: "2020-08-28T19:12:00",
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            date: "2020-04-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202004-955",
         },
         {
            date: "2021-04-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2020-04-14T23:15:12.387000",
            db: "NVD",
            id: "CVE-2020-11762",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-01-09T00:00:00",
            db: "VULHUB",
            id: "VHN-164373",
         },
         {
            date: "2020-09-09T00:00:00",
            db: "VULMON",
            id: "CVE-2020-11762",
         },
         {
            date: "2020-05-07T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-004072",
         },
         {
            date: "2022-11-17T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202004-955",
         },
         {
            date: "2021-04-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2024-11-21T04:58:33.270000",
            db: "NVD",
            id: "CVE-2020-11762",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202004-955",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "OpenEXR Out-of-bounds write vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-004072",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "buffer error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202004-955",
         },
      ],
      trust: 0.6,
   },
}

var-202004-0475
Vulnerability from variot

An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read. OpenEXR contains a vulnerability in determining boundary conditions, which may lead to a denial-of-service (DoS) condition. Pillow is a Python-based image processing library. No further information about this vulnerability is currently available; follow CNNVD or vendor announcements for updates. A security vulnerability exists in ILM OpenEXR versions prior to 2.4.1. An attacker could exploit this vulnerability to crash the application or obtain information.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202107-27

                                       https://security.gentoo.org/

Severity: Normal
Title: OpenEXR: Multiple vulnerabilities
Date: July 11, 2021
Bugs: #717474, #746794, #762862, #770229, #776808
ID: 202107-27

Synopsis

Multiple vulnerabilities have been found in OpenEXR, the worst of which could result in the arbitrary execution of code.

Background

OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

  1  media-libs/openexr          < 2.5.6                    >= 2.5.6

Description

Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All OpenEXR users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/openexr-2.5.6"

References

[ 1 ] CVE-2020-11758 https://nvd.nist.gov/vuln/detail/CVE-2020-11758
[ 2 ] CVE-2020-11759 https://nvd.nist.gov/vuln/detail/CVE-2020-11759
[ 3 ] CVE-2020-11760 https://nvd.nist.gov/vuln/detail/CVE-2020-11760
[ 4 ] CVE-2020-11761 https://nvd.nist.gov/vuln/detail/CVE-2020-11761
[ 5 ] CVE-2020-11762 https://nvd.nist.gov/vuln/detail/CVE-2020-11762
[ 6 ] CVE-2020-11763 https://nvd.nist.gov/vuln/detail/CVE-2020-11763
[ 7 ] CVE-2020-11764 https://nvd.nist.gov/vuln/detail/CVE-2020-11764
[ 8 ] CVE-2020-11765 https://nvd.nist.gov/vuln/detail/CVE-2020-11765
[ 9 ] CVE-2020-15304 https://nvd.nist.gov/vuln/detail/CVE-2020-15304
[ 10 ] CVE-2020-15305 https://nvd.nist.gov/vuln/detail/CVE-2020-15305
[ 11 ] CVE-2020-15306 https://nvd.nist.gov/vuln/detail/CVE-2020-15306
[ 12 ] CVE-2021-20296 https://nvd.nist.gov/vuln/detail/CVE-2021-20296
[ 13 ] CVE-2021-3474 https://nvd.nist.gov/vuln/detail/CVE-2021-3474
[ 14 ] CVE-2021-3475 https://nvd.nist.gov/vuln/detail/CVE-2021-3475
[ 15 ] CVE-2021-3476 https://nvd.nist.gov/vuln/detail/CVE-2021-3476
[ 16 ] CVE-2021-3477 https://nvd.nist.gov/vuln/detail/CVE-2021-3477
[ 17 ] CVE-2021-3478 https://nvd.nist.gov/vuln/detail/CVE-2021-3478
[ 18 ] CVE-2021-3479 https://nvd.nist.gov/vuln/detail/CVE-2021-3479

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202107-27

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

. ========================================================================== Ubuntu Security Notice USN-4339-1 April 27, 2020

openexr vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.04
  • Ubuntu 19.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in OpenEXR.

Software Description: - openexr: tools for the OpenEXR image format

Details:

Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2017-9111, CVE-2017-9113, CVE-2017-9115)

Tan Jie discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2018-18444)

Samuel Groß discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764)

It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service. (CVE-2020-11765)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04:
  libopenexr24 2.3.0-6ubuntu0.1
  openexr 2.3.0-6ubuntu0.1

Ubuntu 19.10:
  libopenexr23 2.2.1-4.1ubuntu1.1
  openexr 2.2.1-4.1ubuntu1.1

Ubuntu 18.04 LTS:
  libopenexr22 2.2.0-11.1ubuntu1.2
  openexr 2.2.0-11.1ubuntu1.2

Ubuntu 16.04 LTS:
  libopenexr22 2.2.0-10ubuntu2.2
  openexr 2.2.0-10ubuntu2.2

In general, a standard system update will make all the necessary changes.

References: https://usn.ubuntu.com/4339-1 CVE-2017-9111, CVE-2017-9113, CVE-2017-9115, CVE-2018-18444, CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764, CVE-2020-11765

Package Information: https://launchpad.net/ubuntu/+source/openexr/2.3.0-6ubuntu0.1 https://launchpad.net/ubuntu/+source/openexr/2.2.1-4.1ubuntu1.1 https://launchpad.net/ubuntu/+source/openexr/2.2.0-11.1ubuntu1.2 https://launchpad.net/ubuntu/+source/openexr/2.2.0-10ubuntu2.2

.

For the stable distribution (buster), these problems have been fixed in version 2.2.1-4.1+deb10u1.

We recommend that you upgrade your openexr packages.

For the detailed security status of openexr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openexr

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9KkM8ACgkQEMKTtsN8 TjYiCxAAqny8A+WbtYBonQ42ciQ2Hc1f90CI6l1Gp/ZK7RARL7+cLOHTh+hEniIG G6cwDGAwAgOtNPer+bT8Mwx6gF8bTii3nF5MMhiN22L7buzHruxsqpC+g94MeZHW vn6GpkTCPSHW5m4+O3pwrYDK3lr5ucNwPVegcXqtJuG0SrhY9VyTrtmzwtoP0YVx ANOpJhCLNEU5vIdEpzIfdjAoM6nsGG/FDN5sP2B9sEB69s7dQXAX5ksuu4Rg71bo W7OjAWB+1MIuFT2blax4Z0qD9Nuiy252AM9MAzMmdBPsFnix0/E2lmyd2OGknUkY l+sq61TR7pA7AVbtLpLBy2fKFS/Jj1KTFI6J+GmZiOBGAzHrWevjyclYBRI0exVg zKnI2IdO9f0qdeTiZhtAcSEV8hb1mSoo0fPRM0ZGxdMV0MTNeOmj+doTTw+SlSJK 3iyKUDgRy60JjQMq8gBaPSRl6tuTjEdFzbJLsFPvZVY5vQsy4KIuh024RrEjri0c R2oLvboIS2xddK+T/9NPc15vruZiUut0j/3EsBqbDn3hBXMpQb0NFv0kuC+uvmwZ UgxRA32shnjcUES8+TBqeB+cvMnukTlOfqQEY2VNhG//45gcQH6rEcf45W07XTGD djd3v06+rkeUhfuZHL9OAOj2BowTrp9CRooWT1dufPPUkL1aoUY= =FDcC -----END PGP SIGNATURE-----



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0475",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "itunes",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "12.10.8",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "10.0",
         },
         {
            model: "icloud",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "7.20",
         },
         {
            model: "tvos",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.4.8",
         },
         {
            model: "mac os x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.15.6",
         },
         {
            model: "openexr",
            scope: "lt",
            trust: 1,
            vendor: "openexr",
            version: "2.4.1",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "18.04",
         },
         {
            model: "iphone os",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.6",
         },
         {
            model: "mac os x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.14.6",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "16.04",
         },
         {
            model: "ipados",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.6",
         },
         {
            model: "mac os x",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.15",
         },
         {
            model: "mac os x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.13.6",
         },
         {
            model: "mac os x",
            scope: "eq",
            trust: 1,
            vendor: "apple",
            version: "10.14.6",
         },
         {
            model: "mac os x",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.14.0",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "20.04",
         },
         {
            model: "mac os x",
            scope: "eq",
            trust: 1,
            vendor: "apple",
            version: "10.13.6",
         },
         {
            model: "mac os x",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.13.0",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "19.10",
         },
         {
            model: "fedora",
            scope: "eq",
            trust: 1,
            vendor: "fedoraproject",
            version: "32",
         },
         {
            model: "icloud",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.0",
         },
         {
            model: "leap",
            scope: "eq",
            trust: 1,
            vendor: "opensuse",
            version: "15.1",
         },
         {
            model: "watchos",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "6.2.8",
         },
         {
            model: "icloud",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "11.3",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "9.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.8,
            vendor: "openexr",
            version: "2.4.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.0.4",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.0.7",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.1.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.1.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.2.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.2.2",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.3.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.3.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.3.2",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.4.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.7.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.7.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.0.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.0.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.1.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.2.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.2.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.3.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.4.0",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2020-11765",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004075",
         },
         {
            db: "NVD",
            id: "CVE-2020-11765",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  cpe_match: [
                     {
                        cpe22Uri: "cpe:/a:openexr:openexr",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-004075",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Ubuntu",
      sources: [
         {
            db: "PACKETSTORM",
            id: "157403",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-965",
         },
      ],
      trust: 0.7,
   },
   cve: "CVE-2020-11765",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "CVE-2020-11765",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 1.1,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 4.3,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-004075",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "VHN-164376",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:N/I:N/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 1.8,
                  id: "CVE-2020-11765",
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 5.5,
                  baseSeverity: "Medium",
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-004075",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2020-11765",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "NVD",
                  id: "JVNDB-2020-004075",
                  trust: 0.8,
                  value: "Medium",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202004-965",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202104-975",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-164376",
                  trust: 0.1,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2020-11765",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164376",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11765",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004075",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-965",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11765",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read. OpenEXR contains a vulnerability in determining boundary conditions. It may be put into a denial-of-service (DoS) state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A security vulnerability exists in ILM OpenEXR versions prior to 2.4.1. An attacker could exploit this vulnerability to crash the application or obtain information. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202107-27\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenEXR: Multiple vulnerabilities\n     Date: July 11, 2021\n     Bugs: #717474, #746794, #762862, #770229, #776808\n       ID: 202107-27\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenEXR, the worst of which\ncould result in the arbitrary execution of code. \n\nBackground\n==========\n\nOpenEXR is a high dynamic-range (HDR) image file format developed by\nIndustrial Light & Magic for use in computer imaging applications. 
\n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  media-libs/openexr           < 2.5.6                    >= 2.5.6 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenEXR. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenEXR users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \">=media-libs/openexr-2.5.6\"\n\nReferences\n==========\n\n[  1 ] CVE-2020-11758\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11758\n[  2 ] CVE-2020-11759\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11759\n[  3 ] CVE-2020-11760\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11760\n[  4 ] CVE-2020-11761\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11761\n[  5 ] CVE-2020-11762\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11762\n[  6 ] CVE-2020-11763\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11763\n[  7 ] CVE-2020-11764\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11764\n[  8 ] CVE-2020-11765\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11765\n[  9 ] CVE-2020-15304\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15304\n[ 10 ] CVE-2020-15305\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15305\n[ 11 ] CVE-2020-15306\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15306\n[ 12 ] CVE-2021-20296\n       https://nvd.nist.gov/vuln/detail/CVE-2021-20296\n[ 13 ] CVE-2021-3474\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3474\n[ 14 ] CVE-2021-3475\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3475\n[ 15 ] CVE-2021-3476\n       
https://nvd.nist.gov/vuln/detail/CVE-2021-3476\n[ 16 ] CVE-2021-3477\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3477\n[ 17 ] CVE-2021-3478\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3478\n[ 18 ] CVE-2021-3479\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3479\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202107-27\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. ==========================================================================\nUbuntu Security Notice USN-4339-1\nApril 27, 2020\n\nopenexr vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04\n- Ubuntu 19.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenEXR. \n\nSoftware Description:\n- openexr: tools for the OpenEXR image format\n\nDetails:\n\nBrandon Perry discovered that OpenEXR incorrectly handled certain malformed\nEXR image files. If a user were tricked into opening a crafted EXR image\nfile, a remote attacker could cause a denial of service, or possibly\nexecute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. \n(CVE-2017-9111, CVE-2017-9113, CVE-2017-9115)\n\nTan Jie discovered that OpenEXR incorrectly handled certain malformed EXR\nimage files. 
If a user were tricked into opening a crafted EXR image file,\na remote attacker could cause a denial of service, or possibly execute\narbitrary code. This issue only applied to Ubuntu 20.04 LTS. \n(CVE-2018-18444)\n\nSamuel Groß discovered that OpenEXR incorrectly handled certain malformed\nEXR image files. If a user were tricked into opening a crafted EXR image\nfile, a remote attacker could cause a denial of service, or possibly\nexecute arbitrary code. (CVE-2020-11758, CVE-2020-11759, CVE-2020-11760,\nCVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764)\n\nIt was discovered that OpenEXR incorrectly handled certain malformed EXR\nimage files. If a user were tricked into opening a crafted EXR image\nfile, a remote attacker could cause a denial of service. (CVE-2020-11765)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04:\n  libopenexr24                    2.3.0-6ubuntu0.1\n  openexr                         2.3.0-6ubuntu0.1\n\nUbuntu 19.10:\n  libopenexr23                    2.2.1-4.1ubuntu1.1\n  openexr                         2.2.1-4.1ubuntu1.1\n\nUbuntu 18.04 LTS:\n  libopenexr22                    2.2.0-11.1ubuntu1.2\n  openexr                         2.2.0-11.1ubuntu1.2\n\nUbuntu 16.04 LTS:\n  libopenexr22                    2.2.0-10ubuntu2.2\n  openexr                         2.2.0-10ubuntu2.2\n\nIn general, a standard system update will make all the necessary changes. 
\n\nReferences:\n  https://usn.ubuntu.com/4339-1\n  CVE-2017-9111, CVE-2017-9113, CVE-2017-9115, CVE-2018-18444,\n  CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761,\n  CVE-2020-11762, CVE-2020-11763, CVE-2020-11764, CVE-2020-11765\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/openexr/2.3.0-6ubuntu0.1\n  https://launchpad.net/ubuntu/+source/openexr/2.2.1-4.1ubuntu1.1\n  https://launchpad.net/ubuntu/+source/openexr/2.2.0-11.1ubuntu1.2\n  https://launchpad.net/ubuntu/+source/openexr/2.2.0-10ubuntu2.2\n\n. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.2.1-4.1+deb10u1. \n\nWe recommend that you upgrade your openexr packages. \n\nFor the detailed security status of openexr please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openexr\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9KkM8ACgkQEMKTtsN8\nTjYiCxAAqny8A+WbtYBonQ42ciQ2Hc1f90CI6l1Gp/ZK7RARL7+cLOHTh+hEniIG\nG6cwDGAwAgOtNPer+bT8Mwx6gF8bTii3nF5MMhiN22L7buzHruxsqpC+g94MeZHW\nvn6GpkTCPSHW5m4+O3pwrYDK3lr5ucNwPVegcXqtJuG0SrhY9VyTrtmzwtoP0YVx\nANOpJhCLNEU5vIdEpzIfdjAoM6nsGG/FDN5sP2B9sEB69s7dQXAX5ksuu4Rg71bo\nW7OjAWB+1MIuFT2blax4Z0qD9Nuiy252AM9MAzMmdBPsFnix0/E2lmyd2OGknUkY\nl+sq61TR7pA7AVbtLpLBy2fKFS/Jj1KTFI6J+GmZiOBGAzHrWevjyclYBRI0exVg\nzKnI2IdO9f0qdeTiZhtAcSEV8hb1mSoo0fPRM0ZGxdMV0MTNeOmj+doTTw+SlSJK\n3iyKUDgRy60JjQMq8gBaPSRl6tuTjEdFzbJLsFPvZVY5vQsy4KIuh024RrEjri0c\nR2oLvboIS2xddK+T/9NPc15vruZiUut0j/3EsBqbDn3hBXMpQb0NFv0kuC+uvmwZ\nUgxRA32shnjcUES8+TBqeB+cvMnukTlOfqQEY2VNhG//45gcQH6rEcf45W07XTGD\ndjd3v06+rkeUhfuZHL9OAOj2BowTrp9CRooWT1dufPPUkL1aoUY=\n=FDcC\n-----END PGP SIGNATURE-----\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-11765",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004075",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "VULHUB",
            id: "VHN-164376",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11765",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "157403",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
      ],
      trust: 2.61,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2020-11765",
            trust: 2.9,
         },
         {
            db: "PACKETSTORM",
            id: "163465",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004075",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-965",
            trust: 0.7,
         },
         {
            db: "PACKETSTORM",
            id: "157403",
            trust: 0.7,
         },
         {
            db: "CS-HELP",
            id: "SB2021071101",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.1816",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.1448",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.2985",
            trust: 0.6,
         },
         {
            db: "NSFOCUS",
            id: "50000",
            trust: 0.6,
         },
         {
            db: "CS-HELP",
            id: "SB2021041363",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
            trust: 0.6,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-24158",
            trust: 0.1,
         },
         {
            db: "VULHUB",
            id: "VHN-164376",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2020-11765",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "168903",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164376",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11765",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004075",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "157403",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-965",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11765",
         },
      ],
   },
   id: "VAR-202004-0475",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164376",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-11-23T21:01:33.688000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "OpenEXR Release Notes",
            trust: 0.8,
            url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
         },
         {
            title: "AcademySoftwareFoundation/openexr",
            trust: 0.8,
            url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
         },
         {
            title: "Industrial Light and Magic OpenEXR Security vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115984",
         },
         {
            title: "Debian CVElist Bug Report Logs: openexr: CVE-2020-11758 CVE-2020-11759 CVE-2020-11760 CVE-2020-11761 CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=c611c9f78ad3458919de1d9728e6b32b",
         },
         {
            title: "Ubuntu Security Notice: openexr vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4339-1",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2020-11765",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004075",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-965",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-193",
            trust: 1.9,
         },
         {
            problemtype: "CWE-125",
            trust: 1.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164376",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004075",
         },
         {
            db: "NVD",
            id: "CVE-2020-11765",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.9,
            url: "https://usn.ubuntu.com/4339-1/",
         },
         {
            trust: 1.8,
            url: "https://security.gentoo.org/glsa/202107-27",
         },
         {
            trust: 1.8,
            url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
         },
         {
            trust: 1.8,
            url: "https://github.com/academysoftwarefoundation/openexr/blob/master/changes.md#version-241-february-11-2020",
         },
         {
            trust: 1.8,
            url: "https://github.com/academysoftwarefoundation/openexr/releases/tag/v2.4.1",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211288",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211289",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211290",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211291",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211293",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211294",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211295",
         },
         {
            trust: 1.7,
            url: "https://www.debian.org/security/2020/dsa-4755",
         },
         {
            trust: 1.7,
            url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
         },
         {
            trust: 1.7,
            url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
         },
         {
            trust: 1.7,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11765",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/f4kfgdqg5pvyau7ts5mz7xcs6empvii3/",
         },
         {
            trust: 0.8,
            url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/f4kfgdqg5pvyau7ts5mz7xcs6empvii3/",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11765",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.2985/",
         },
         {
            trust: 0.6,
            url: "https://support.apple.com/en-us/ht211291",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/157403/ubuntu-security-notice-usn-4339-1.html",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.1448/",
         },
         {
            trust: 0.6,
            url: "https://support.apple.com/en-us/ht211295",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.1816/",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/163465/gentoo-linux-security-advisory-202107-27.html",
         },
         {
            trust: 0.6,
            url: "http://www.nsfocus.net/vulndb/50000",
         },
         {
            trust: 0.6,
            url: "https://vigilance.fr/vulnerability/openexr-multiple-vulnerabilities-32108",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021071101",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021041363",
         },
         {
            trust: 0.3,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11761",
         },
         {
            trust: 0.3,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11758",
         },
         {
            trust: 0.3,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11762",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-15305",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11763",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-15306",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11764",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11759",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11760",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9111",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/193.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3476",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3478",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-20296",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3479",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-15304",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3474",
         },
         {
            trust: 0.1,
            url: "https://security.gentoo.org/",
         },
         {
            trust: 0.1,
            url: "https://creativecommons.org/licenses/by-sa/2.5",
         },
         {
            trust: 0.1,
            url: "https://bugs.gentoo.org.",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3475",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3477",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-18444",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openexr/2.3.0-6ubuntu0.1",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openexr/2.2.0-10ubuntu2.2",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openexr/2.2.1-4.1ubuntu1.1",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openexr/2.2.0-11.1ubuntu1.2",
         },
         {
            trust: 0.1,
            url: "https://usn.ubuntu.com/4339-1",
         },
         {
            trust: 0.1,
            url: "https://security-tracker.debian.org/tracker/openexr",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9115",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/faq",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9113",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9114",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164376",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11765",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004075",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "157403",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-965",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11765",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-164376",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11765",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004075",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "157403",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-965",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11765",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-04-14T00:00:00",
            db: "VULHUB",
            id: "VHN-164376",
         },
         {
            date: "2020-04-14T00:00:00",
            db: "VULMON",
            id: "CVE-2020-11765",
         },
         {
            date: "2020-05-07T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-004075",
         },
         {
            date: "2021-07-12T15:22:22",
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            date: "2020-04-27T15:19:30",
            db: "PACKETSTORM",
            id: "157403",
         },
         {
            date: "2020-08-28T19:12:00",
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            date: "2020-04-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202004-965",
         },
         {
            date: "2021-04-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2020-04-14T23:15:12.560000",
            db: "NVD",
            id: "CVE-2020-11765",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-01-09T00:00:00",
            db: "VULHUB",
            id: "VHN-164376",
         },
         {
            date: "2020-09-09T00:00:00",
            db: "VULMON",
            id: "CVE-2020-11765",
         },
         {
            date: "2020-05-07T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-004075",
         },
         {
            date: "2022-04-27T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202004-965",
         },
         {
            date: "2021-04-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2024-11-21T04:58:33.867000",
            db: "NVD",
            id: "CVE-2020-11765",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202004-965",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "OpenEXR Vulnerability in determining boundary conditions in",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-004075",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202004-965",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
      ],
      trust: 1.2,
   },
}

var-202004-0468
Vulnerability from variot

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. OpenEXR contains an out-of-bounds read vulnerability. It may be put into a service operation interruption (DoS) state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A buffer error vulnerability exists in the ImfOptimizedPixelReading.h file in ILM OpenEXR versions prior to 2.4.1. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.

Gentoo Linux Security Advisory GLSA 202107-27

                                       https://security.gentoo.org/

Severity: Normal
Title: OpenEXR: Multiple vulnerabilities
Date: July 11, 2021
Bugs: #717474, #746794, #762862, #770229, #776808
ID: 202107-27

Synopsis

Multiple vulnerabilities have been found in OpenEXR, the worst of which could result in the arbitrary execution of code.

Background

OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 media-libs/openexr        < 2.5.6                       >= 2.5.6

Description

Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All OpenEXR users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/openexr-2.5.6"

References

[ 1 ] CVE-2020-11758 https://nvd.nist.gov/vuln/detail/CVE-2020-11758
[ 2 ] CVE-2020-11759 https://nvd.nist.gov/vuln/detail/CVE-2020-11759
[ 3 ] CVE-2020-11760 https://nvd.nist.gov/vuln/detail/CVE-2020-11760
[ 4 ] CVE-2020-11761 https://nvd.nist.gov/vuln/detail/CVE-2020-11761
[ 5 ] CVE-2020-11762 https://nvd.nist.gov/vuln/detail/CVE-2020-11762
[ 6 ] CVE-2020-11763 https://nvd.nist.gov/vuln/detail/CVE-2020-11763
[ 7 ] CVE-2020-11764 https://nvd.nist.gov/vuln/detail/CVE-2020-11764
[ 8 ] CVE-2020-11765 https://nvd.nist.gov/vuln/detail/CVE-2020-11765
[ 9 ] CVE-2020-15304 https://nvd.nist.gov/vuln/detail/CVE-2020-15304
[ 10 ] CVE-2020-15305 https://nvd.nist.gov/vuln/detail/CVE-2020-15305
[ 11 ] CVE-2020-15306 https://nvd.nist.gov/vuln/detail/CVE-2020-15306
[ 12 ] CVE-2021-20296 https://nvd.nist.gov/vuln/detail/CVE-2021-20296
[ 13 ] CVE-2021-3474 https://nvd.nist.gov/vuln/detail/CVE-2021-3474
[ 14 ] CVE-2021-3475 https://nvd.nist.gov/vuln/detail/CVE-2021-3475
[ 15 ] CVE-2021-3476 https://nvd.nist.gov/vuln/detail/CVE-2021-3476
[ 16 ] CVE-2021-3477 https://nvd.nist.gov/vuln/detail/CVE-2021-3477
[ 17 ] CVE-2021-3478 https://nvd.nist.gov/vuln/detail/CVE-2021-3478
[ 18 ] CVE-2021-3479 https://nvd.nist.gov/vuln/detail/CVE-2021-3479

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202107-27

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

. ========================================================================== Ubuntu Security Notice USN-4339-1 April 27, 2020

openexr vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.04
  • Ubuntu 19.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in OpenEXR.

Software Description: - openexr: tools for the OpenEXR image format

Details:

Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2017-9111, CVE-2017-9113, CVE-2017-9115)

Tan Jie discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2018-18444)

Samuel Groß discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764)

It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service. (CVE-2020-11765)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04: libopenexr24 2.3.0-6ubuntu0.1 openexr 2.3.0-6ubuntu0.1

Ubuntu 19.10: libopenexr23 2.2.1-4.1ubuntu1.1 openexr 2.2.1-4.1ubuntu1.1

Ubuntu 18.04 LTS: libopenexr22 2.2.0-11.1ubuntu1.2 openexr 2.2.0-11.1ubuntu1.2

Ubuntu 16.04 LTS: libopenexr22 2.2.0-10ubuntu2.2 openexr 2.2.0-10ubuntu2.2

In general, a standard system update will make all the necessary changes.

References: https://usn.ubuntu.com/4339-1 CVE-2017-9111, CVE-2017-9113, CVE-2017-9115, CVE-2018-18444, CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764, CVE-2020-11765

Package Information: https://launchpad.net/ubuntu/+source/openexr/2.3.0-6ubuntu0.1 https://launchpad.net/ubuntu/+source/openexr/2.2.1-4.1ubuntu1.1 https://launchpad.net/ubuntu/+source/openexr/2.2.0-11.1ubuntu1.2 https://launchpad.net/ubuntu/+source/openexr/2.2.0-10ubuntu2.2

.

For the stable distribution (buster), these problems have been fixed in version 2.2.1-4.1+deb10u1.

We recommend that you upgrade your openexr packages.

For the detailed security status of openexr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openexr

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9KkM8ACgkQEMKTtsN8 TjYiCxAAqny8A+WbtYBonQ42ciQ2Hc1f90CI6l1Gp/ZK7RARL7+cLOHTh+hEniIG G6cwDGAwAgOtNPer+bT8Mwx6gF8bTii3nF5MMhiN22L7buzHruxsqpC+g94MeZHW vn6GpkTCPSHW5m4+O3pwrYDK3lr5ucNwPVegcXqtJuG0SrhY9VyTrtmzwtoP0YVx ANOpJhCLNEU5vIdEpzIfdjAoM6nsGG/FDN5sP2B9sEB69s7dQXAX5ksuu4Rg71bo W7OjAWB+1MIuFT2blax4Z0qD9Nuiy252AM9MAzMmdBPsFnix0/E2lmyd2OGknUkY l+sq61TR7pA7AVbtLpLBy2fKFS/Jj1KTFI6J+GmZiOBGAzHrWevjyclYBRI0exVg zKnI2IdO9f0qdeTiZhtAcSEV8hb1mSoo0fPRM0ZGxdMV0MTNeOmj+doTTw+SlSJK 3iyKUDgRy60JjQMq8gBaPSRl6tuTjEdFzbJLsFPvZVY5vQsy4KIuh024RrEjri0c R2oLvboIS2xddK+T/9NPc15vruZiUut0j/3EsBqbDn3hBXMpQb0NFv0kuC+uvmwZ UgxRA32shnjcUES8+TBqeB+cvMnukTlOfqQEY2VNhG//45gcQH6rEcf45W07XTGD djd3v06+rkeUhfuZHL9OAOj2BowTrp9CRooWT1dufPPUkL1aoUY= =FDcC -----END PGP SIGNATURE-----



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0468",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "itunes",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "12.10.8",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "10.0",
         },
         {
            model: "icloud",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "7.20",
         },
         {
            model: "tvos",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.4.8",
         },
         {
            model: "mac os x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.15.6",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "18.04",
         },
         {
            model: "openexr",
            scope: "lt",
            trust: 1,
            vendor: "openexr",
            version: "2.4.1",
         },
         {
            model: "iphone os",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.6",
         },
         {
            model: "mac os x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.14.6",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "16.04",
         },
         {
            model: "ipados",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.6",
         },
         {
            model: "mac os x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.13.6",
         },
         {
            model: "mac os x",
            scope: "eq",
            trust: 1,
            vendor: "apple",
            version: "10.14.6",
         },
         {
            model: "mac os x",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.14.0",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "20.04",
         },
         {
            model: "mac os x",
            scope: "eq",
            trust: 1,
            vendor: "apple",
            version: "10.13.6",
         },
         {
            model: "icloud",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "11.0",
         },
         {
            model: "mac os x",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.13.0",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "19.10",
         },
         {
            model: "fedora",
            scope: "eq",
            trust: 1,
            vendor: "fedoraproject",
            version: "32",
         },
         {
            model: "leap",
            scope: "eq",
            trust: 1,
            vendor: "opensuse",
            version: "15.1",
         },
         {
            model: "watchos",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "6.2.8",
         },
         {
            model: "icloud",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "11.3",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "9.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.8,
            vendor: "openexr",
            version: "2.4.1",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-004026",
         },
         {
            db: "NVD",
            id: "CVE-2020-11758",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  cpe_match: [
                     {
                        cpe22Uri: "cpe:/a:openexr:openexr",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-004026",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Ubuntu",
      sources: [
         {
            db: "PACKETSTORM",
            id: "157403",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-944",
         },
      ],
      trust: 0.7,
   },
   cve: "CVE-2020-11758",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "CVE-2020-11758",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 1.1,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 4.3,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-004026",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "VHN-164368",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:N/I:N/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 1.8,
                  id: "CVE-2020-11758",
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 5.5,
                  baseSeverity: "Medium",
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-004026",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2020-11758",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "NVD",
                  id: "JVNDB-2020-004026",
                  trust: 0.8,
                  value: "Medium",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202004-944",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202104-975",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-164368",
                  trust: 0.1,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2020-11758",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164368",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11758",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004026",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-944",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11758",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. OpenEXR Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A buffer error vulnerability exists in the ImfOptimizedPixelReading.h file in LIM OpenEXR versions prior to 2.4.1. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202107-27\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenEXR: Multiple vulnerabilities\n     Date: July 11, 2021\n     Bugs: #717474, #746794, #762862, #770229, #776808\n       ID: 202107-27\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenEXR, the worst of which\ncould result in the arbitrary execution of code. \n\nBackground\n==========\n\nOpenEXR is a high dynamic-range (HDR) image file format developed by\nIndustrial Light & Magic for use in computer imaging applications. 
\n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  media-libs/openexr           < 2.5.6                    >= 2.5.6 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenEXR. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenEXR users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \">=media-libs/openexr-2.5.6\"\n\nReferences\n==========\n\n[  1 ] CVE-2020-11758\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11758\n[  2 ] CVE-2020-11759\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11759\n[  3 ] CVE-2020-11760\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11760\n[  4 ] CVE-2020-11761\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11761\n[  5 ] CVE-2020-11762\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11762\n[  6 ] CVE-2020-11763\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11763\n[  7 ] CVE-2020-11764\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11764\n[  8 ] CVE-2020-11765\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11765\n[  9 ] CVE-2020-15304\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15304\n[ 10 ] CVE-2020-15305\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15305\n[ 11 ] CVE-2020-15306\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15306\n[ 12 ] CVE-2021-20296\n       https://nvd.nist.gov/vuln/detail/CVE-2021-20296\n[ 13 ] CVE-2021-3474\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3474\n[ 14 ] CVE-2021-3475\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3475\n[ 15 ] CVE-2021-3476\n       
https://nvd.nist.gov/vuln/detail/CVE-2021-3476\n[ 16 ] CVE-2021-3477\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3477\n[ 17 ] CVE-2021-3478\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3478\n[ 18 ] CVE-2021-3479\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3479\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202107-27\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. ==========================================================================\nUbuntu Security Notice USN-4339-1\nApril 27, 2020\n\nopenexr vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04\n- Ubuntu 19.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenEXR. \n\nSoftware Description:\n- openexr: tools for the OpenEXR image format\n\nDetails:\n\nBrandon Perry discovered that OpenEXR incorrectly handled certain malformed\nEXR image files. If a user were tricked into opening a crafted EXR image\nfile, a remote attacker could cause a denial of service, or possibly\nexecute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. \n(CVE-2017-9111, CVE-2017-9113, CVE-2017-9115)\n\nTan Jie discovered that OpenEXR incorrectly handled certain malformed EXR\nimage files. 
If a user were tricked into opening a crafted EXR image file,\na remote attacker could cause a denial of service, or possibly execute\narbitrary code. This issue only applied to Ubuntu 20.04 LTS. \n(CVE-2018-18444)\n\nSamuel Groß discovered that OpenEXR incorrectly handled certain malformed\nEXR image files. If a user were tricked into opening a crafted EXR image\nfile, a remote attacker could cause a denial of service, or possibly\nexecute arbitrary code. (CVE-2020-11758, CVE-2020-11759, CVE-2020-11760,\nCVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764)\n\nIt was discovered that OpenEXR incorrectly handled certain malformed EXR\nimage files. If a user were tricked into opening a crafted EXR image\nfile, a remote attacker could cause a denial of service. (CVE-2020-11765)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04:\n  libopenexr24                    2.3.0-6ubuntu0.1\n  openexr                         2.3.0-6ubuntu0.1\n\nUbuntu 19.10:\n  libopenexr23                    2.2.1-4.1ubuntu1.1\n  openexr                         2.2.1-4.1ubuntu1.1\n\nUbuntu 18.04 LTS:\n  libopenexr22                    2.2.0-11.1ubuntu1.2\n  openexr                         2.2.0-11.1ubuntu1.2\n\nUbuntu 16.04 LTS:\n  libopenexr22                    2.2.0-10ubuntu2.2\n  openexr                         2.2.0-10ubuntu2.2\n\nIn general, a standard system update will make all the necessary changes. 
\n\nReferences:\n  https://usn.ubuntu.com/4339-1\n  CVE-2017-9111, CVE-2017-9113, CVE-2017-9115, CVE-2018-18444,\n  CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761,\n  CVE-2020-11762, CVE-2020-11763, CVE-2020-11764, CVE-2020-11765\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/openexr/2.3.0-6ubuntu0.1\n  https://launchpad.net/ubuntu/+source/openexr/2.2.1-4.1ubuntu1.1\n  https://launchpad.net/ubuntu/+source/openexr/2.2.0-11.1ubuntu1.2\n  https://launchpad.net/ubuntu/+source/openexr/2.2.0-10ubuntu2.2\n\n. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.2.1-4.1+deb10u1. \n\nWe recommend that you upgrade your openexr packages. \n\nFor the detailed security status of openexr please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openexr\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9KkM8ACgkQEMKTtsN8\nTjYiCxAAqny8A+WbtYBonQ42ciQ2Hc1f90CI6l1Gp/ZK7RARL7+cLOHTh+hEniIG\nG6cwDGAwAgOtNPer+bT8Mwx6gF8bTii3nF5MMhiN22L7buzHruxsqpC+g94MeZHW\nvn6GpkTCPSHW5m4+O3pwrYDK3lr5ucNwPVegcXqtJuG0SrhY9VyTrtmzwtoP0YVx\nANOpJhCLNEU5vIdEpzIfdjAoM6nsGG/FDN5sP2B9sEB69s7dQXAX5ksuu4Rg71bo\nW7OjAWB+1MIuFT2blax4Z0qD9Nuiy252AM9MAzMmdBPsFnix0/E2lmyd2OGknUkY\nl+sq61TR7pA7AVbtLpLBy2fKFS/Jj1KTFI6J+GmZiOBGAzHrWevjyclYBRI0exVg\nzKnI2IdO9f0qdeTiZhtAcSEV8hb1mSoo0fPRM0ZGxdMV0MTNeOmj+doTTw+SlSJK\n3iyKUDgRy60JjQMq8gBaPSRl6tuTjEdFzbJLsFPvZVY5vQsy4KIuh024RrEjri0c\nR2oLvboIS2xddK+T/9NPc15vruZiUut0j/3EsBqbDn3hBXMpQb0NFv0kuC+uvmwZ\nUgxRA32shnjcUES8+TBqeB+cvMnukTlOfqQEY2VNhG//45gcQH6rEcf45W07XTGD\ndjd3v06+rkeUhfuZHL9OAOj2BowTrp9CRooWT1dufPPUkL1aoUY=\n=FDcC\n-----END PGP SIGNATURE-----\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-11758",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004026",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "VULHUB",
            id: "VHN-164368",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11758",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "157403",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
      ],
      trust: 2.61,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2020-11758",
            trust: 2.9,
         },
         {
            db: "PACKETSTORM",
            id: "163465",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004026",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-944",
            trust: 0.7,
         },
         {
            db: "PACKETSTORM",
            id: "157403",
            trust: 0.7,
         },
         {
            db: "CS-HELP",
            id: "SB2021071101",
            trust: 0.6,
         },
         {
            db: "NSFOCUS",
            id: "50011",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.1816",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.1448",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.2985",
            trust: 0.6,
         },
         {
            db: "CS-HELP",
            id: "SB2021041363",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
            trust: 0.6,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-24151",
            trust: 0.1,
         },
         {
            db: "VULHUB",
            id: "VHN-164368",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2020-11758",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "168903",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164368",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11758",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004026",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "157403",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-944",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11758",
         },
      ],
   },
   id: "VAR-202004-0468",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164368",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-11-23T19:53:21.490000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "OpenEXR Release Notes",
            trust: 0.8,
            url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
         },
         {
            title: "v2.4.1",
            trust: 0.8,
            url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
         },
         {
            title: "Industrial Light and Magic OpenEXR Buffer error vulnerability fix",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116435",
         },
         {
            title: "Debian CVElist Bug Report Logs: openexr: CVE-2020-11758 CVE-2020-11759 CVE-2020-11760 CVE-2020-11761 CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=c611c9f78ad3458919de1d9728e6b32b",
         },
         {
            title: "Ubuntu Security Notice: openexr vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4339-1",
         },
         {
            title: "Debian Security Advisories: DSA-4755-1 openexr -- security update",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=9325b22b993ac0e61f53dccb8f346da4",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2020-11758",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004026",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-944",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-125",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164368",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004026",
         },
         {
            db: "NVD",
            id: "CVE-2020-11758",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.9,
            url: "https://usn.ubuntu.com/4339-1/",
         },
         {
            trust: 1.8,
            url: "https://support.apple.com/kb/ht211288",
         },
         {
            trust: 1.8,
            url: "https://support.apple.com/kb/ht211289",
         },
         {
            trust: 1.8,
            url: "https://support.apple.com/kb/ht211290",
         },
         {
            trust: 1.8,
            url: "https://support.apple.com/kb/ht211291",
         },
         {
            trust: 1.8,
            url: "https://support.apple.com/kb/ht211293",
         },
         {
            trust: 1.8,
            url: "https://support.apple.com/kb/ht211294",
         },
         {
            trust: 1.8,
            url: "https://support.apple.com/kb/ht211295",
         },
         {
            trust: 1.8,
            url: "https://www.debian.org/security/2020/dsa-4755",
         },
         {
            trust: 1.8,
            url: "https://security.gentoo.org/glsa/202107-27",
         },
         {
            trust: 1.8,
            url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
         },
         {
            trust: 1.8,
            url: "https://github.com/academysoftwarefoundation/openexr/blob/master/changes.md#version-241-february-11-2020",
         },
         {
            trust: 1.8,
            url: "https://github.com/academysoftwarefoundation/openexr/releases/tag/v2.4.1",
         },
         {
            trust: 1.8,
            url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
         },
         {
            trust: 1.8,
            url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
         },
         {
            trust: 1.7,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11758",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/f4kfgdqg5pvyau7ts5mz7xcs6empvii3/",
         },
         {
            trust: 0.8,
            url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/f4kfgdqg5pvyau7ts5mz7xcs6empvii3/",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11758",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.2985/",
         },
         {
            trust: 0.6,
            url: "https://support.apple.com/en-us/ht211291",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/157403/ubuntu-security-notice-usn-4339-1.html",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.1448/",
         },
         {
            trust: 0.6,
            url: "https://support.apple.com/en-us/ht211295",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.1816/",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/163465/gentoo-linux-security-advisory-202107-27.html",
         },
         {
            trust: 0.6,
            url: "http://www.nsfocus.net/vulndb/50011",
         },
         {
            trust: 0.6,
            url: "https://vigilance.fr/vulnerability/openexr-multiple-vulnerabilities-32108",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021071101",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021041363",
         },
         {
            trust: 0.3,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11761",
         },
         {
            trust: 0.3,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11765",
         },
         {
            trust: 0.3,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11762",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-15305",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11763",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-15306",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11764",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11759",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11760",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9111",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/125.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3476",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3478",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-20296",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3479",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-15304",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3474",
         },
         {
            trust: 0.1,
            url: "https://security.gentoo.org/",
         },
         {
            trust: 0.1,
            url: "https://creativecommons.org/licenses/by-sa/2.5",
         },
         {
            trust: 0.1,
            url: "https://bugs.gentoo.org.",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3475",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3477",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-18444",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openexr/2.3.0-6ubuntu0.1",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openexr/2.2.0-10ubuntu2.2",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openexr/2.2.1-4.1ubuntu1.1",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openexr/2.2.0-11.1ubuntu1.2",
         },
         {
            trust: 0.1,
            url: "https://usn.ubuntu.com/4339-1",
         },
         {
            trust: 0.1,
            url: "https://security-tracker.debian.org/tracker/openexr",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9115",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/faq",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9113",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9114",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164368",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11758",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004026",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "157403",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-944",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11758",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-164368",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11758",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004026",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "157403",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-944",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11758",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-04-14T00:00:00",
            db: "VULHUB",
            id: "VHN-164368",
         },
         {
            date: "2020-04-14T00:00:00",
            db: "VULMON",
            id: "CVE-2020-11758",
         },
         {
            date: "2020-05-01T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-004026",
         },
         {
            date: "2021-07-12T15:22:22",
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            date: "2020-04-27T15:19:30",
            db: "PACKETSTORM",
            id: "157403",
         },
         {
            date: "2020-08-28T19:12:00",
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            date: "2020-04-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202004-944",
         },
         {
            date: "2021-04-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2020-04-14T23:15:12.167000",
            db: "NVD",
            id: "CVE-2020-11758",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-01-09T00:00:00",
            db: "VULHUB",
            id: "VHN-164368",
         },
         {
            date: "2020-09-09T00:00:00",
            db: "VULMON",
            id: "CVE-2020-11758",
         },
         {
            date: "2020-05-01T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-004026",
         },
         {
            date: "2022-04-27T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202004-944",
         },
         {
            date: "2021-04-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2024-11-21T04:58:32.430000",
            db: "NVD",
            id: "CVE-2020-11758",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202004-944",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Out-of-bounds read vulnerability in OpenEXR",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-004026",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "buffer error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202004-944",
         },
      ],
      trust: 0.6,
   },
}

var-202004-0473
Vulnerability from variot

An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. A buffer error vulnerability exists in the ImfTileOffsets.cpp file in ILM OpenEXR versions prior to 2.4.1. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202107-27

                                       https://security.gentoo.org/

Severity: Normal
Title: OpenEXR: Multiple vulnerabilities
Date: July 11, 2021
Bugs: #717474, #746794, #762862, #770229, #776808
ID: 202107-27

Synopsis

Multiple vulnerabilities have been found in OpenEXR, the worst of which could result in the arbitrary execution of code.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 media-libs/openexr < 2.5.6 >= 2.5.6

Description

Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All OpenEXR users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/openexr-2.5.6"

References

[ 1 ] CVE-2020-11758 https://nvd.nist.gov/vuln/detail/CVE-2020-11758
[ 2 ] CVE-2020-11759 https://nvd.nist.gov/vuln/detail/CVE-2020-11759
[ 3 ] CVE-2020-11760 https://nvd.nist.gov/vuln/detail/CVE-2020-11760
[ 4 ] CVE-2020-11761 https://nvd.nist.gov/vuln/detail/CVE-2020-11761
[ 5 ] CVE-2020-11762 https://nvd.nist.gov/vuln/detail/CVE-2020-11762
[ 6 ] CVE-2020-11763 https://nvd.nist.gov/vuln/detail/CVE-2020-11763
[ 7 ] CVE-2020-11764 https://nvd.nist.gov/vuln/detail/CVE-2020-11764
[ 8 ] CVE-2020-11765 https://nvd.nist.gov/vuln/detail/CVE-2020-11765
[ 9 ] CVE-2020-15304 https://nvd.nist.gov/vuln/detail/CVE-2020-15304
[ 10 ] CVE-2020-15305 https://nvd.nist.gov/vuln/detail/CVE-2020-15305
[ 11 ] CVE-2020-15306 https://nvd.nist.gov/vuln/detail/CVE-2020-15306
[ 12 ] CVE-2021-20296 https://nvd.nist.gov/vuln/detail/CVE-2021-20296
[ 13 ] CVE-2021-3474 https://nvd.nist.gov/vuln/detail/CVE-2021-3474
[ 14 ] CVE-2021-3475 https://nvd.nist.gov/vuln/detail/CVE-2021-3475
[ 15 ] CVE-2021-3476 https://nvd.nist.gov/vuln/detail/CVE-2021-3476
[ 16 ] CVE-2021-3477 https://nvd.nist.gov/vuln/detail/CVE-2021-3477
[ 17 ] CVE-2021-3478 https://nvd.nist.gov/vuln/detail/CVE-2021-3478
[ 18 ] CVE-2021-3479 https://nvd.nist.gov/vuln/detail/CVE-2021-3479

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202107-27

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: OpenEXR security update
Advisory ID: RHSA-2020:4039-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4039
Issue date: 2020-09-29
CVE Names: CVE-2020-11761 CVE-2020-11763 CVE-2020-11764
====================================================================

1. Summary:

An update for OpenEXR is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications. This package contains libraries and sample applications for handling the format.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: OpenEXR-1.7.1-8.el7.src.rpm

x86_64: OpenEXR-debuginfo-1.7.1-8.el7.i686.rpm OpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm OpenEXR-libs-1.7.1-8.el7.i686.rpm OpenEXR-libs-1.7.1-8.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: OpenEXR-1.7.1-8.el7.x86_64.rpm OpenEXR-debuginfo-1.7.1-8.el7.i686.rpm OpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm OpenEXR-devel-1.7.1-8.el7.i686.rpm OpenEXR-devel-1.7.1-8.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: OpenEXR-1.7.1-8.el7.src.rpm

x86_64: OpenEXR-debuginfo-1.7.1-8.el7.i686.rpm OpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm OpenEXR-libs-1.7.1-8.el7.i686.rpm OpenEXR-libs-1.7.1-8.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: OpenEXR-1.7.1-8.el7.x86_64.rpm OpenEXR-debuginfo-1.7.1-8.el7.i686.rpm OpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm OpenEXR-devel-1.7.1-8.el7.i686.rpm OpenEXR-devel-1.7.1-8.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: OpenEXR-1.7.1-8.el7.src.rpm

ppc64: OpenEXR-debuginfo-1.7.1-8.el7.ppc.rpm OpenEXR-debuginfo-1.7.1-8.el7.ppc64.rpm OpenEXR-libs-1.7.1-8.el7.ppc.rpm OpenEXR-libs-1.7.1-8.el7.ppc64.rpm

ppc64le: OpenEXR-debuginfo-1.7.1-8.el7.ppc64le.rpm OpenEXR-libs-1.7.1-8.el7.ppc64le.rpm

s390x: OpenEXR-debuginfo-1.7.1-8.el7.s390.rpm OpenEXR-debuginfo-1.7.1-8.el7.s390x.rpm OpenEXR-libs-1.7.1-8.el7.s390.rpm OpenEXR-libs-1.7.1-8.el7.s390x.rpm

x86_64: OpenEXR-debuginfo-1.7.1-8.el7.i686.rpm OpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm OpenEXR-libs-1.7.1-8.el7.i686.rpm OpenEXR-libs-1.7.1-8.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: OpenEXR-1.7.1-8.el7.ppc64.rpm OpenEXR-debuginfo-1.7.1-8.el7.ppc.rpm OpenEXR-debuginfo-1.7.1-8.el7.ppc64.rpm OpenEXR-devel-1.7.1-8.el7.ppc.rpm OpenEXR-devel-1.7.1-8.el7.ppc64.rpm

ppc64le: OpenEXR-1.7.1-8.el7.ppc64le.rpm OpenEXR-debuginfo-1.7.1-8.el7.ppc64le.rpm OpenEXR-devel-1.7.1-8.el7.ppc64le.rpm

s390x: OpenEXR-1.7.1-8.el7.s390x.rpm OpenEXR-debuginfo-1.7.1-8.el7.s390.rpm OpenEXR-debuginfo-1.7.1-8.el7.s390x.rpm OpenEXR-devel-1.7.1-8.el7.s390.rpm OpenEXR-devel-1.7.1-8.el7.s390x.rpm

x86_64: OpenEXR-1.7.1-8.el7.x86_64.rpm OpenEXR-debuginfo-1.7.1-8.el7.i686.rpm OpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm OpenEXR-devel-1.7.1-8.el7.i686.rpm OpenEXR-devel-1.7.1-8.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: OpenEXR-1.7.1-8.el7.src.rpm

x86_64: OpenEXR-debuginfo-1.7.1-8.el7.i686.rpm OpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm OpenEXR-libs-1.7.1-8.el7.i686.rpm OpenEXR-libs-1.7.1-8.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: OpenEXR-1.7.1-8.el7.x86_64.rpm OpenEXR-debuginfo-1.7.1-8.el7.i686.rpm OpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm OpenEXR-devel-1.7.1-8.el7.i686.rpm OpenEXR-devel-1.7.1-8.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-11761
https://access.redhat.com/security/cve/CVE-2020-11763
https://access.redhat.com/security/cve/CVE-2020-11764
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index

8. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBX3OhUtzjgjWX9erEAQhyFQ/+J5Ul3SoJTvzk/7rqW/WA4GkT5/I6owm1 BnhvO6tELbBul8250MCo/jaUukdjQ3bJ/ZdjmPFrPgNR7UrmIN0LQdAiDlMtnhIF 7Ppw7RDniUBtv3Q2471W4FQxpeXKf+n5sqkq+blxZbeYLXI7Nya/2qKirO0dJ4M1 bAl1exBJ4cSp+kuUOn8oBsGQi6L2oM6ldPf4KklMswOU69qDexywZNtvQVfANmur mNIx/9bmQG+WRlj941A1BFTsAdXsCyTc3qaBecC5iEFxKPkVlpfBhQJ+N6zxdKwj CtVftLiGpcuiWck6THkpPbQg9HWqtJI3tQyW5NUZFHhUnwvOw3SGKgN3ufsnS/tF 9MsnwovV+6kuR/k1UWiDXuSZrdjEIOSz0We8oT5VhOKNkXcE0OY4yxLKpVTlP1HN aM2OGkf3DiUdKEysSQ7yPa2tfimLYQS/XJo6w4FZPKapmOvF926/R7NgIIucvG4J U51DVzqGpkt40pK790wQLrwUZ/E+HYyeZpPJC8QrmJmPNXsXFEm4iYxjCIyaecKf hOlBFwy7mU6fuOLynrrfxeStoS0+zJFfYqdiKOfTpRoLozBqaA8Vt8VasOfOwGeY Ar+nuTxwoQn3KCSGvHk533UkNyqKqpNDIfyqk3M8y8S5HjXvoMx9zxaN0ujT4/pB vySbS8H4PEI=P3yT -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

For the stable distribution (buster), these problems have been fixed in version 2.2.1-4.1+deb10u1.

We recommend that you upgrade your openexr packages.

For the detailed security status of openexr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openexr

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9KkM8ACgkQEMKTtsN8 TjYiCxAAqny8A+WbtYBonQ42ciQ2Hc1f90CI6l1Gp/ZK7RARL7+cLOHTh+hEniIG G6cwDGAwAgOtNPer+bT8Mwx6gF8bTii3nF5MMhiN22L7buzHruxsqpC+g94MeZHW vn6GpkTCPSHW5m4+O3pwrYDK3lr5ucNwPVegcXqtJuG0SrhY9VyTrtmzwtoP0YVx ANOpJhCLNEU5vIdEpzIfdjAoM6nsGG/FDN5sP2B9sEB69s7dQXAX5ksuu4Rg71bo W7OjAWB+1MIuFT2blax4Z0qD9Nuiy252AM9MAzMmdBPsFnix0/E2lmyd2OGknUkY l+sq61TR7pA7AVbtLpLBy2fKFS/Jj1KTFI6J+GmZiOBGAzHrWevjyclYBRI0exVg zKnI2IdO9f0qdeTiZhtAcSEV8hb1mSoo0fPRM0ZGxdMV0MTNeOmj+doTTw+SlSJK 3iyKUDgRy60JjQMq8gBaPSRl6tuTjEdFzbJLsFPvZVY5vQsy4KIuh024RrEjri0c R2oLvboIS2xddK+T/9NPc15vruZiUut0j/3EsBqbDn3hBXMpQb0NFv0kuC+uvmwZ UgxRA32shnjcUES8+TBqeB+cvMnukTlOfqQEY2VNhG//45gcQH6rEcf45W07XTGD djd3v06+rkeUhfuZHL9OAOj2BowTrp9CRooWT1dufPPUkL1aoUY= =FDcC -----END PGP SIGNATURE-----



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0473",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "itunes",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "12.10.8",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "10.0",
         },
         {
            model: "icloud",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "7.20",
         },
         {
            model: "tvos",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.4.8",
         },
         {
            model: "mac os x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.15.6",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "18.04",
         },
         {
            model: "openexr",
            scope: "lt",
            trust: 1,
            vendor: "openexr",
            version: "2.4.1",
         },
         {
            model: "iphone os",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.6",
         },
         {
            model: "mac os x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.14.6",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "16.04",
         },
         {
            model: "ipados",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.6",
         },
         {
            model: "mac os x",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.15",
         },
         {
            model: "mac os x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.13.6",
         },
         {
            model: "mac os x",
            scope: "eq",
            trust: 1,
            vendor: "apple",
            version: "10.14.6",
         },
         {
            model: "mac os x",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.14.0",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "20.04",
         },
         {
            model: "mac os x",
            scope: "eq",
            trust: 1,
            vendor: "apple",
            version: "10.13.6",
         },
         {
            model: "mac os x",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.13.0",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "19.10",
         },
         {
            model: "fedora",
            scope: "eq",
            trust: 1,
            vendor: "fedoraproject",
            version: "32",
         },
         {
            model: "icloud",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.0",
         },
         {
            model: "leap",
            scope: "eq",
            trust: 1,
            vendor: "opensuse",
            version: "15.1",
         },
         {
            model: "watchos",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "6.2.8",
         },
         {
            model: "icloud",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "11.3",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "9.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.8,
            vendor: "openexr",
            version: "2.4.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.0.4",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.0.7",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.1.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.1.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.2.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.2.2",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.3.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.3.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.3.2",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.4.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.7.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "1.7.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.0.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.0.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.1.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.2.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.2.1",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.3.0",
         },
         {
            model: "openexr",
            scope: "eq",
            trust: 0.1,
            vendor: "openexr",
            version: "2.4.0",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2020-11763",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004073",
         },
         {
            db: "NVD",
            id: "CVE-2020-11763",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  cpe_match: [
                     {
                        cpe22Uri: "cpe:/a:openexr:openexr",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-004073",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Red Hat",
      sources: [
         {
            db: "PACKETSTORM",
            id: "159359",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-959",
         },
      ],
      trust: 0.7,
   },
   cve: "CVE-2020-11763",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "CVE-2020-11763",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 1.1,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 4.3,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-004073",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "VHN-164374",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:N/I:N/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 1.8,
                  id: "CVE-2020-11763",
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 5.5,
                  baseSeverity: "Medium",
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-004073",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2020-11763",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "NVD",
                  id: "JVNDB-2020-004073",
                  trust: 0.8,
                  value: "Medium",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202004-959",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202104-975",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-164374",
                  trust: 0.1,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2020-11763",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164374",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11763",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004073",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-959",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11763",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A buffer error vulnerability exists in the ImfTileOffsets.cpp file in LIM OpenEXR versions prior to 2.4.1. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202107-27\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenEXR: Multiple vulnerabilities\n     Date: July 11, 2021\n     Bugs: #717474, #746794, #762862, #770229, #776808\n       ID: 202107-27\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenEXR, the worst of which\ncould result in the arbitrary execution of code. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  media-libs/openexr           < 2.5.6                    >= 2.5.6 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenEXR. 
Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenEXR users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \">=media-libs/openexr-2.5.6\"\n\nReferences\n==========\n\n[  1 ] CVE-2020-11758\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11758\n[  2 ] CVE-2020-11759\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11759\n[  3 ] CVE-2020-11760\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11760\n[  4 ] CVE-2020-11761\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11761\n[  5 ] CVE-2020-11762\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11762\n[  6 ] CVE-2020-11763\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11763\n[  7 ] CVE-2020-11764\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11764\n[  8 ] CVE-2020-11765\n       https://nvd.nist.gov/vuln/detail/CVE-2020-11765\n[  9 ] CVE-2020-15304\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15304\n[ 10 ] CVE-2020-15305\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15305\n[ 11 ] CVE-2020-15306\n       https://nvd.nist.gov/vuln/detail/CVE-2020-15306\n[ 12 ] CVE-2021-20296\n       https://nvd.nist.gov/vuln/detail/CVE-2021-20296\n[ 13 ] CVE-2021-3474\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3474\n[ 14 ] CVE-2021-3475\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3475\n[ 15 ] CVE-2021-3476\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3476\n[ 16 ] CVE-2021-3477\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3477\n[ 17 ] CVE-2021-3478\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3478\n[ 18 ] CVE-2021-3479\n       https://nvd.nist.gov/vuln/detail/CVE-2021-3479\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n 
https://security.gentoo.org/glsa/202107-27\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: OpenEXR security update\nAdvisory ID:       RHSA-2020:4039-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:4039\nIssue date:        2020-09-29\nCVE Names:         CVE-2020-11761 CVE-2020-11763 CVE-2020-11764\n====================================================================\n1. Summary:\n\nAn update for OpenEXR is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 
7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenEXR is a high dynamic-range (HDR) image file format developed by\nIndustrial Light & Magic for use in computer imaging applications. This\npackage contains libraries and sample applications for handling the format. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.9 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nOpenEXR-1.7.1-8.el7.src.rpm\n\nx86_64:\nOpenEXR-debuginfo-1.7.1-8.el7.i686.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm\nOpenEXR-libs-1.7.1-8.el7.i686.rpm\nOpenEXR-libs-1.7.1-8.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nOpenEXR-1.7.1-8.el7.x86_64.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.i686.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm\nOpenEXR-devel-1.7.1-8.el7.i686.rpm\nOpenEXR-devel-1.7.1-8.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nOpenEXR-1.7.1-8.el7.src.rpm\n\nx86_64:\nOpenEXR-debuginfo-1.7.1-8.el7.i686.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm\nOpenEXR-libs-1.7.1-8.el7.i686.rpm\nOpenEXR-libs-1.7.1-8.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nOpenEXR-1.7.1-8.el7.x86_64.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.i686.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm\nOpenEXR-devel-1.7.1-8.el7.i686.rpm\nOpenEXR-devel-1.7.1-8.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 
7):\n\nSource:\nOpenEXR-1.7.1-8.el7.src.rpm\n\nppc64:\nOpenEXR-debuginfo-1.7.1-8.el7.ppc.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.ppc64.rpm\nOpenEXR-libs-1.7.1-8.el7.ppc.rpm\nOpenEXR-libs-1.7.1-8.el7.ppc64.rpm\n\nppc64le:\nOpenEXR-debuginfo-1.7.1-8.el7.ppc64le.rpm\nOpenEXR-libs-1.7.1-8.el7.ppc64le.rpm\n\ns390x:\nOpenEXR-debuginfo-1.7.1-8.el7.s390.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.s390x.rpm\nOpenEXR-libs-1.7.1-8.el7.s390.rpm\nOpenEXR-libs-1.7.1-8.el7.s390x.rpm\n\nx86_64:\nOpenEXR-debuginfo-1.7.1-8.el7.i686.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm\nOpenEXR-libs-1.7.1-8.el7.i686.rpm\nOpenEXR-libs-1.7.1-8.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nOpenEXR-1.7.1-8.el7.ppc64.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.ppc.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.ppc64.rpm\nOpenEXR-devel-1.7.1-8.el7.ppc.rpm\nOpenEXR-devel-1.7.1-8.el7.ppc64.rpm\n\nppc64le:\nOpenEXR-1.7.1-8.el7.ppc64le.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.ppc64le.rpm\nOpenEXR-devel-1.7.1-8.el7.ppc64le.rpm\n\ns390x:\nOpenEXR-1.7.1-8.el7.s390x.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.s390.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.s390x.rpm\nOpenEXR-devel-1.7.1-8.el7.s390.rpm\nOpenEXR-devel-1.7.1-8.el7.s390x.rpm\n\nx86_64:\nOpenEXR-1.7.1-8.el7.x86_64.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.i686.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm\nOpenEXR-devel-1.7.1-8.el7.i686.rpm\nOpenEXR-devel-1.7.1-8.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nOpenEXR-1.7.1-8.el7.src.rpm\n\nx86_64:\nOpenEXR-debuginfo-1.7.1-8.el7.i686.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm\nOpenEXR-libs-1.7.1-8.el7.i686.rpm\nOpenEXR-libs-1.7.1-8.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nOpenEXR-1.7.1-8.el7.x86_64.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.i686.rpm\nOpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpm\nOpenEXR-devel-1.7.1-8.el7.i686.rpm\nOpenEXR-devel-1.7.1-8.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  
Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-11761\nhttps://access.redhat.com/security/cve/CVE-2020-11763\nhttps://access.redhat.com/security/cve/CVE-2020-11764\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX3OhUtzjgjWX9erEAQhyFQ/+J5Ul3SoJTvzk/7rqW/WA4GkT5/I6owm1\nBnhvO6tELbBul8250MCo/jaUukdjQ3bJ/ZdjmPFrPgNR7UrmIN0LQdAiDlMtnhIF\n7Ppw7RDniUBtv3Q2471W4FQxpeXKf+n5sqkq+blxZbeYLXI7Nya/2qKirO0dJ4M1\nbAl1exBJ4cSp+kuUOn8oBsGQi6L2oM6ldPf4KklMswOU69qDexywZNtvQVfANmur\nmNIx/9bmQG+WRlj941A1BFTsAdXsCyTc3qaBecC5iEFxKPkVlpfBhQJ+N6zxdKwj\nCtVftLiGpcuiWck6THkpPbQg9HWqtJI3tQyW5NUZFHhUnwvOw3SGKgN3ufsnS/tF\n9MsnwovV+6kuR/k1UWiDXuSZrdjEIOSz0We8oT5VhOKNkXcE0OY4yxLKpVTlP1HN\naM2OGkf3DiUdKEysSQ7yPa2tfimLYQS/XJo6w4FZPKapmOvF926/R7NgIIucvG4J\nU51DVzqGpkt40pK790wQLrwUZ/E+HYyeZpPJC8QrmJmPNXsXFEm4iYxjCIyaecKf\nhOlBFwy7mU6fuOLynrrfxeStoS0+zJFfYqdiKOfTpRoLozBqaA8Vt8VasOfOwGeY\nAr+nuTxwoQn3KCSGvHk533UkNyqKqpNDIfyqk3M8y8S5HjXvoMx9zxaN0ujT4/pB\nvySbS8H4PEI=P3yT\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.2.1-4.1+deb10u1. \n\nWe recommend that you upgrade your openexr packages. 
\n\nFor the detailed security status of openexr please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openexr\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9KkM8ACgkQEMKTtsN8\nTjYiCxAAqny8A+WbtYBonQ42ciQ2Hc1f90CI6l1Gp/ZK7RARL7+cLOHTh+hEniIG\nG6cwDGAwAgOtNPer+bT8Mwx6gF8bTii3nF5MMhiN22L7buzHruxsqpC+g94MeZHW\nvn6GpkTCPSHW5m4+O3pwrYDK3lr5ucNwPVegcXqtJuG0SrhY9VyTrtmzwtoP0YVx\nANOpJhCLNEU5vIdEpzIfdjAoM6nsGG/FDN5sP2B9sEB69s7dQXAX5ksuu4Rg71bo\nW7OjAWB+1MIuFT2blax4Z0qD9Nuiy252AM9MAzMmdBPsFnix0/E2lmyd2OGknUkY\nl+sq61TR7pA7AVbtLpLBy2fKFS/Jj1KTFI6J+GmZiOBGAzHrWevjyclYBRI0exVg\nzKnI2IdO9f0qdeTiZhtAcSEV8hb1mSoo0fPRM0ZGxdMV0MTNeOmj+doTTw+SlSJK\n3iyKUDgRy60JjQMq8gBaPSRl6tuTjEdFzbJLsFPvZVY5vQsy4KIuh024RrEjri0c\nR2oLvboIS2xddK+T/9NPc15vruZiUut0j/3EsBqbDn3hBXMpQb0NFv0kuC+uvmwZ\nUgxRA32shnjcUES8+TBqeB+cvMnukTlOfqQEY2VNhG//45gcQH6rEcf45W07XTGD\ndjd3v06+rkeUhfuZHL9OAOj2BowTrp9CRooWT1dufPPUkL1aoUY=\n=FDcC\n-----END PGP SIGNATURE-----\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-11763",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004073",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "VULHUB",
            id: "VHN-164374",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11763",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "159359",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
      ],
      trust: 2.61,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2020-11763",
            trust: 2.9,
         },
         {
            db: "PACKETSTORM",
            id: "163465",
            trust: 0.8,
         },
         {
            db: "PACKETSTORM",
            id: "159359",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004073",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-959",
            trust: 0.7,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.2985",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.1448",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.1816",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.3401",
            trust: 0.6,
         },
         {
            db: "CS-HELP",
            id: "SB2021071101",
            trust: 0.6,
         },
         {
            db: "NSFOCUS",
            id: "50015",
            trust: 0.6,
         },
         {
            db: "CS-HELP",
            id: "SB2021041363",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
            trust: 0.6,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-24156",
            trust: 0.1,
         },
         {
            db: "VULHUB",
            id: "VHN-164374",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2020-11763",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "168903",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164374",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11763",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004073",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "159359",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-959",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11763",
         },
      ],
   },
   id: "VAR-202004-0473",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164374",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-11-23T20:20:58.916000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "OpenEXR Release Notes",
            trust: 0.8,
            url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020",
         },
         {
            title: "AcademySoftwareFoundation/openexr",
            trust: 0.8,
            url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1",
         },
         {
            title: "Industrial Light and Magic OpenEXR Buffer error vulnerability fix",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=116441",
         },
         {
            title: "Debian CVElist Bug Report Logs: openexr: CVE-2020-11758 CVE-2020-11759 CVE-2020-11760 CVE-2020-11761 CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=c611c9f78ad3458919de1d9728e6b32b",
         },
         {
            title: "Ubuntu Security Notice: openexr vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4339-1",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2020-11763",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004073",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-959",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-125",
            trust: 1.9,
         },
         {
            problemtype: "CWE-787",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164374",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004073",
         },
         {
            db: "NVD",
            id: "CVE-2020-11763",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.9,
            url: "https://usn.ubuntu.com/4339-1/",
         },
         {
            trust: 1.8,
            url: "https://security.gentoo.org/glsa/202107-27",
         },
         {
            trust: 1.8,
            url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
         },
         {
            trust: 1.8,
            url: "https://github.com/academysoftwarefoundation/openexr/blob/master/changes.md#version-241-february-11-2020",
         },
         {
            trust: 1.8,
            url: "https://github.com/academysoftwarefoundation/openexr/releases/tag/v2.4.1",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211288",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211289",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211290",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211291",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211293",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211294",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/kb/ht211295",
         },
         {
            trust: 1.7,
            url: "https://www.debian.org/security/2020/dsa-4755",
         },
         {
            trust: 1.7,
            url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html",
         },
         {
            trust: 1.7,
            url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html",
         },
         {
            trust: 1.7,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11763",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/f4kfgdqg5pvyau7ts5mz7xcs6empvii3/",
         },
         {
            trust: 0.8,
            url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/f4kfgdqg5pvyau7ts5mz7xcs6empvii3/",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11763",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.2985/",
         },
         {
            trust: 0.6,
            url: "https://support.apple.com/en-us/ht211291",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.1448/",
         },
         {
            trust: 0.6,
            url: "http://www.nsfocus.net/vulndb/50015",
         },
         {
            trust: 0.6,
            url: "https://support.apple.com/en-us/ht211295",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.1816/",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/163465/gentoo-linux-security-advisory-202107-27.html",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/159359/red-hat-security-advisory-2020-4039-01.html",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.3401/",
         },
         {
            trust: 0.6,
            url: "https://vigilance.fr/vulnerability/openexr-multiple-vulnerabilities-32108",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021071101",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021041363",
         },
         {
            trust: 0.3,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11761",
         },
         {
            trust: 0.3,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11764",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-15305",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11765",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11758",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-15306",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11762",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11759",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-11760",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/787.html",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/125.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3476",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3478",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-20296",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3479",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-15304",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3474",
         },
         {
            trust: 0.1,
            url: "https://security.gentoo.org/",
         },
         {
            trust: 0.1,
            url: "https://creativecommons.org/licenses/by-sa/2.5",
         },
         {
            trust: 0.1,
            url: "https://bugs.gentoo.org",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3475",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-3477",
         },
         {
            trust: 0.1,
            url: "https://www.redhat.com/mailman/listinfo/rhsa-announce",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2020-11764",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/errata/rhsa-2020:4039",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/articles/11258",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2020-11763",
         },
         {
            trust: 0.1,
            url: "https://bugzilla.redhat.com/",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/team/key/",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2020-11761",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/updates/classification/#moderate",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/team/contact/",
         },
         {
            trust: 0.1,
            url: "https://security-tracker.debian.org/tracker/openexr",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9115",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/faq",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9113",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9111",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-9114",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-164374",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11763",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004073",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "159359",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-959",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11763",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-164374",
         },
         {
            db: "VULMON",
            id: "CVE-2020-11763",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-004073",
         },
         {
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            db: "PACKETSTORM",
            id: "159359",
         },
         {
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-959",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2020-11763",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-04-14T00:00:00",
            db: "VULHUB",
            id: "VHN-164374",
         },
         {
            date: "2020-04-14T00:00:00",
            db: "VULMON",
            id: "CVE-2020-11763",
         },
         {
            date: "2020-05-07T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-004073",
         },
         {
            date: "2021-07-12T15:22:22",
            db: "PACKETSTORM",
            id: "163465",
         },
         {
            date: "2020-09-30T15:45:11",
            db: "PACKETSTORM",
            id: "159359",
         },
         {
            date: "2020-08-28T19:12:00",
            db: "PACKETSTORM",
            id: "168903",
         },
         {
            date: "2020-04-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202004-959",
         },
         {
            date: "2021-04-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2020-04-14T23:15:12.433000",
            db: "NVD",
            id: "CVE-2020-11763",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-01-09T00:00:00",
            db: "VULHUB",
            id: "VHN-164374",
         },
         {
            date: "2020-09-09T00:00:00",
            db: "VULMON",
            id: "CVE-2020-11763",
         },
         {
            date: "2020-05-07T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-004073",
         },
         {
            date: "2022-11-17T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202004-959",
         },
         {
            date: "2021-04-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2024-11-21T04:58:33.477000",
            db: "NVD",
            id: "CVE-2020-11763",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202004-959",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Out-of-bounds read vulnerability in OpenEXR",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-004073",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "buffer error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202004-959",
         },
      ],
      trust: 0.6,
   },
}