Out-of-bounds Read in openexr

Do your applications use this vulnerable package? Test your applications

Overview

In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.

References

Debian Security Tracker
GitHub Issue
GitHub Release
MISC
MLIST
Ubuntu CVE Tracker
Ubuntu Security Advisory

Attack Vector

Local
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2017-12596
CWE: CWE-125
Snyk ID: SNYK-DEBIAN9-OPENEXR-331155
Disclosed: 07 Aug, 2017
Published: 07 Aug, 2017

Out-of-bounds Read
Affecting openexr package, versions <2.2.0-11+deb9u1

Overview

References

CVSS Score

Out-of-bounds Read Affecting openexr package, versions <2.2.0-11+deb9u1

Overview

References

Out-of-bounds Read
Affecting openexr package, versions <2.2.0-11+deb9u1