CVE-2017-12596 — Out-of-bounds Read in Openexr

CWE-125 — Out-of-bounds Read10 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.6%

top 31.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openexr Debian Openexr

Timeline

PublishedAug 7

Latest updateMay 13

Description

In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/openexr< openexr 2.2.0-11.1 (bookworm)

▶Debianopenexr/openexr< 2.2.0-11.1+3

▶Ubuntuopenexr/openexr< 2.2.0-10ubuntu2.1+1

▶NVDopenexr/openexr2.2.0

🔴Vulnerability Details

GHSA

GHSA-mrp7-3hfh-25j7: In OpenEXR 2↗2022-05-13

▶

OSV

openexr vulnerabilities↗2019-10-07

▶

OSV

CVE-2017-12596: In OpenEXR 2↗2017-08-07

▶

📋Vendor Advisories

Ubuntu

OpenEXR vulnerabilities↗2019-10-07

▶

Red Hat

OpenEXR: heap-based buffer over-read in hufDecode function↗2017-07-29

▶

Debian

CVE-2017-12596: openexr - In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hu...↗2017

▶

💬Community

Bugzilla

CVE-2017-12596 CVE-2017-14988 OpenEXR: various flaws [fedora-all]↗2017-08-22

▶

Bugzilla

CVE-2017-12596 CVE-2017-14988 mingw-OpenEXR: various flaws [fedora-all]↗2017-08-22

▶

Bugzilla

CVE-2017-12596 OpenEXR: heap-based buffer over-read in hufDecode function↗2017-08-22

▶