Описание
OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.
A heap-based-buffer-overflow vulnerability was found in OpenEXR's composite_line() function in the 'ImfCompositeDeepScanLine.cpp' file. This flaw allows an attacker to pass a specially crafted file to OpenEXR, by tricking the victim into opening it, triggering a heap-based buffer overflow. This leads to memory corruption and allows an attacker to cause a denial of service.
Отчет
This vulnerability does not affect Red Hat Enterprise Linux 6 and 7 because they are shipped with OpenEXR v1.6.1 and v1.7.1 respectively, and the vulnerable code is not present in the code-base.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | OpenEXR | Not affected | ||
| Red Hat Enterprise Linux 7 | OpenEXR | Not affected | ||
| Red Hat Enterprise Linux 8 | OpenEXR | Will not fix | ||
| Red Hat Enterprise Linux 9 | openexr | Will not fix |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS3
Связанные уязвимости
OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.
OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.
OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1 ...
5.5 Medium
CVSS3