CVE-2020-16589

Опубликовано: 09 дек. 2020

Источник: debian

EPSS Низкий

Описание

A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
openexr	fixed	2.5.3-2		package

Примечания

https://github.com/AcademySoftwareFoundation/openexr/commit/6bb36714528a9563dd3b92720c5063a1284b86f8 (v2.4.0-beta.1)
https://github.com/AcademySoftwareFoundation/openexr/issues/494

EPSS

Процентиль: 67%

0.00546

Низкий

Связанные уязвимости

CVE-2020-16589

CVSS3: 5.5

ubuntu

около 5 лет назад

A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.

CVE-2020-16589

CVSS3: 5.5

redhat

около 5 лет назад

A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.

CVE-2020-16589

CVSS3: 5.5

nvd

около 5 лет назад

A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.

GHSA-r5w4-rhqv-q6mv

CVSS3: 5.5

github

больше 3 лет назад

A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.

BDU:2021-03732

CVSS3: 6.5

fstec

около 5 лет назад

Уязвимость функции writeTileData библиотеки OpenEXR, связанная с записью за границами буфера, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 67%

0.00546

Низкий