CVE-2009-1722 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Openexr

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190 — Integer Overflow or Wraparound8 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

10.9%

top 6.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openexr Debian Openexr

Timeline

PublishedJul 31

Latest updateMay 2

Description

Heap-based buffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/openexr< openexr 1.6.1-1 (bookworm)

▶Debianopenexr/openexr< 1.6.1-1+3

▶NVDopenexr/openexr1.2.2

Patches

Patch: security.debian.org ↗Patch: www.debian.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-g7x3-mh62-h5hm: Heap-based buffer overflow in the compression implementation in OpenEXR 1↗2022-05-02

▶

OSV

CVE-2009-1722: Heap-based buffer overflow in the compression implementation in OpenEXR 1↗2009-07-31

▶

📋Vendor Advisories

Ubuntu

OpenEXR vulnerabilities↗2009-09-14

▶

Debian

CVE-2009-1722: openexr - Heap-based buffer overflow in the compression implementation in OpenEXR 1.2.2 al...↗2009

▶

Red Hat

OpenEXR: Integer overflow in decompression of range of values in the pixel data↗2007-10-22

▶

💬Community

Bugzilla

CVE-2009-1722 OpenEXR: Integer overflow in decompression of range of values in the pixel data↗2009-07-27

▶

Bugzilla

CVE-2009-1721 OpenEXR: Invalid pointer free by image decompression↗2009-07-27

▶