CVE-2009-1722 - OpenCVE

Heap-based buffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Openexr	Openexr

Configuration 1 [-]

cpe:2.3:a:openexr:openexr:1.2.2:*:*:*:*:*:*:*

References

Link	Resource
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
http://secunia.com/advisories/36032	Vendor Advisory
http://secunia.com/advisories/36096
http://secunia.com/advisories/36753
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz	Patch
http://support.apple.com/kb/HT3757
http://www.debian.org/security/2009/dsa-1842	Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2009:191
http://www.securityfocus.com/bid/35838	Patch
http://www.securitytracker.com/id?1022674
http://www.ubuntu.com/usn/USN-831-1
http://www.us-cert.gov/cas/techalerts/TA09-218A.html	US Government Resource
http://www.vupen.com/english/advisories/2009/2035	Vendor Advisory
http://www.vupen.com/english/advisories/2009/2172
https://github.com/openexr/openexr/blob/master/CHANGES.md#version-170-july-23-2010

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-07-31T18:29:00

Updated: 2019-09-23T16:39:57

Reserved: 2009-05-20T00:00:00

Link: CVE-2009-1722

JSON object: View

NVD Information

Status : Modified

Published: 2009-07-31T19:00:01.127

Modified: 2012-10-23T03:06:36.320

Link: CVE-2009-1722

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-07-28T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-23T16:39:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3757"}, {"name": "MDVSA-2009:191", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:191"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz"}, {"name": "36753", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36753"}, {"name": "ADV-2009-2035", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/2035"}, {"name": "36096", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36096"}, {"name": "DSA-1842", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1842"}, {"name": "36032", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36032"}, {"name": "APPLE-SA-2009-08-05-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html"}, {"name": "35838", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35838"}, {"name": "1022674", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022674"}, {"name": "USN-831-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-831-1"}, {"name": "ADV-2009-2172", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/2172"}, {"name": "TA09-218A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openexr/openexr/blob/master/CHANGES.md#version-170-july-23-2010"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1722", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://support.apple.com/kb/HT3757", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3757"}, {"name": "MDVSA-2009:191", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:191"}, {"name": "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz", "refsource": "CONFIRM", "url": "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz"}, {"name": "36753", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36753"}, {"name": "ADV-2009-2035", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2035"}, {"name": "36096", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36096"}, {"name": "DSA-1842", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1842"}, {"name": "36032", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36032"}, {"name": "APPLE-SA-2009-08-05-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html"}, {"name": "35838", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35838"}, {"name": "1022674", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022674"}, {"name": "USN-831-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-831-1"}, {"name": "ADV-2009-2172", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2172"}, {"name": "TA09-218A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html"}, {"name": "https://github.com/openexr/openexr/blob/master/CHANGES.md#version-170-july-23-2010", "refsource": "CONFIRM", "url": "https://github.com/openexr/openexr/blob/master/CHANGES.md#version-170-july-23-2010"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1722", "datePublished": "2009-07-31T18:29:00", "dateReserved": "2009-05-20T00:00:00", "dateUpdated": "2019-09-23T16:39:57", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openexr:openexr:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "7D0003E3-C50B-4C46-8A24-A874A5C137E1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en la implementaci\u00f3n de compresi\u00f3n en OpenEXR versi\u00f3n 1.2.2, permite a los atacantes dependiendo del contexto causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario por medio de vectores no especificados."}], "id": "CVE-2009-1722", "lastModified": "2012-10-23T03:06:36.320", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-07-31T19:00:01.127", "references": [{"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36032"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/36096"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/36753"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz"}, {"source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3757"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.debian.org/security/2009/dsa-1842"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:191"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/35838"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022674"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-831-1"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/2035"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/2172"}, {"source": "cve@mitre.org", "url": "https://github.com/openexr/openexr/blob/master/CHANGES.md#version-170-july-23-2010"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}