An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
21 Nov 2024, 04:58
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html - Mailing List, Third Party Advisory | |
References | () https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 - Exploit, Third Party Advisory | |
References | () https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 - Release Notes, Third Party Advisory | |
References | () https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 - Release Notes, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/ - | |
References | () https://security.gentoo.org/glsa/202107-27 - Third Party Advisory | |
References | () https://support.apple.com/kb/HT211288 - Third Party Advisory | |
References | () https://support.apple.com/kb/HT211289 - Third Party Advisory | |
References | () https://support.apple.com/kb/HT211290 - Third Party Advisory | |
References | () https://support.apple.com/kb/HT211291 - Third Party Advisory | |
References | () https://support.apple.com/kb/HT211293 - Third Party Advisory | |
References | () https://support.apple.com/kb/HT211294 - Third Party Advisory | |
References | () https://support.apple.com/kb/HT211295 - Third Party Advisory | |
References | () https://usn.ubuntu.com/4339-1/ - Third Party Advisory | |
References | () https://www.debian.org/security/2020/dsa-4755 - Third Party Advisory |
07 Nov 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2020-04-14 23:15
Updated : 2024-11-21 04:58
NVD link : CVE-2020-11761
Mitre link : CVE-2020-11761
CVE.ORG link : CVE-2020-11761
JSON object : View
Products Affected
debian
- debian_linux
apple
- itunes
- mac_os_x
- ipados
- icloud
- tvos
- iphone_os
- watchos
openexr
- openexr
canonical
- ubuntu_linux
fedoraproject
- fedora
CWE
CWE-125
Out-of-bounds Read