Numeric Errors in openexr

Do your applications use this vulnerable package? Test your applications

Overview

In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.

References

DEBIAN
Debian Security Tracker
GitHub Issue
GitHub PR
GitHub Release
MLIST
OSS security Advisory
OpenSuse Security Announcement
OpenSuse Security Announcement
UBUNTU
Ubuntu CVE Tracker
Ubuntu Security Advisory

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

Numeric Errors
Affecting openexr package, versions <2.2.1-4.1+deb10u1

Overview

References

CVSS Score

Numeric Errors Affecting openexr package, versions <2.2.1-4.1+deb10u1

Overview

References

Numeric Errors
Affecting openexr package, versions <2.2.1-4.1+deb10u1