Описание
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.
Отчет
This flaw does not affect versions of OpenEXR shipped with Red Hat Enterprise Linux 6 or 7 as the vulnerable code was introduced in subsequent versions of OpenEXR.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | OpenEXR | Not affected | ||
| Red Hat Enterprise Linux 7 | OpenEXR | Not affected | ||
| Red Hat Enterprise Linux 8 | mingw-OpenEXR | Will not fix | ||
| Red Hat Enterprise Linux 8 | OpenEXR | Will not fix | ||
| Red Hat Enterprise Linux 9 | OpenEXR | Not affected |
Показывать по
Дополнительная информация
Статус:
6.2 Medium
CVSS3
Связанные уязвимости
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount a ...
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.
Уязвимость функции getChunkOffsetTableSize() программного обеспечения для хранения изображений с широкими динамическими диапазоном яркости OpenEXR, связанная с записью за границами буфера, позволяющая нарушителю вызвать отказ в обслуживании
6.2 Medium
CVSS3