In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.
References
Link | Resource |
---|---|
https://github.com/openexr/openexr/issues/238 | Exploit Third Party Advisory |
https://github.com/openexr/openexr/releases/tag/v2.3.0 | |
https://github.com/xiaoqx/pocs/blob/master/openexr.md | Exploit Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html | |
https://usn.ubuntu.com/4148-1/ |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-08-07T01:00:00
Updated: 2020-08-30T21:06:12
Reserved: 2017-08-06T00:00:00
Link: CVE-2017-12596
JSON object: View
NVD Information
Status : Modified
Published: 2017-08-07T01:29:00.343
Modified: 2020-08-30T22:15:11.323
Link: CVE-2017-12596
JSON object: View
Redhat Information
No data.
CWE