Off-by-one Error in openexr

Do your applications use this vulnerable package? Test your applications

Overview

An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.

References

ADVISORY
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
DEBIAN
FEDORA
GitHub Changes
GitHub Release
MISC
MLIST
SUSE
UBUNTU
Ubuntu CVE Tracker

Attack Vector

Local
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2020-11765
CWE: CWE-193
Snyk ID: SNYK-DEBIAN10-OPENEXR-567678
Disclosed: 14 Apr, 2020
Published: 27 Apr, 2020

Off-by-one Error
Affecting openexr package, versions <2.2.1-4.1+deb10u1

Overview

References

CVSS Score

Off-by-one Error Affecting openexr package, versions <2.2.1-4.1+deb10u1

Overview

References

Off-by-one Error
Affecting openexr package, versions <2.2.1-4.1+deb10u1