SB2020083124 - Debian update for openexr 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020083124

SB2020083124 - Debian update for openexr

Published: August 31, 2020

Security Bulletin ID SB2020083124
Severity
High
Patch available
YES
Number of vulnerabilities 14
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 21% Medium 57% Low 21%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 14 secuirty vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2017-9111)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in storeSSE function in ImfOptimizedPixelReading.h. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.


2) Out-of-bounds write (CVE-ID: CVE-2017-9113)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in bufferedReadPixels function in ImfInputFile.cpp. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.


3) Out-of-bounds read (CVE-ID: CVE-2017-9114)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the refill function in ImfFastHuf.cpp. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


4) Out-of-bounds write (CVE-ID: CVE-2017-9115)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in the = operator function in half.h. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.


5) Out-of-bounds read (CVE-ID: CVE-2020-11758)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.


6) Integer overflow (CVE-ID: CVE-2020-11759)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.


7) Out-of-bounds read (CVE-ID: CVE-2020-11760)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.


8) Out-of-bounds read (CVE-ID: CVE-2020-11761)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.


9) Out-of-bounds write (CVE-ID: CVE-2020-11762)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.


10) Out-of-bounds write (CVE-ID: CVE-2020-11763)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.


11) Out-of-bounds write (CVE-ID: CVE-2020-11764)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.


12) Off-by-one (CVE-ID: CVE-2020-11765)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.


13) Use-after-free (CVE-ID: CVE-2020-15305)

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in "DeepScanLineInputFile::DeepScanLineInputFile()" in "IlmImf/ImfDeepScanLineInputFile.cpp". A local user can cause a denial of service (DoS) condition on the target system.


14) Heap-based buffer overflow (CVE-ID: CVE-2020-15306)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in "getChunkOffsetTableSize()" in "IlmImf/ImfMisc.cpp". A local user can pass specially crafted data to the applicatoin, trigger heap-based buffer overflow and cause a denial of service conditon on the target system.


Remediation

Install update from vendor's website.

References