CVE-2017-9111 — Out-of-bounds Write in Openexr

CWE-787 — Out-of-bounds Write13 documents7 sources

Severity

8.8HIGHNVD

OSV7.8

EPSS

2.4%

top 14.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openexr Debian Openexr

Timeline

PublishedMay 21

Latest updateMay 13

Description

In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶debiandebian/openexr< openexr 2.5.3-2 (bookworm)

▶PyPIopenexr/openexr< 2.2.1

▶Debianopenexr/openexr< 2.5.3-2+3

▶Ubuntuopenexr/openexr< 2.2.0-10ubuntu2.2+4

▶NVDopenexr/openexr2.2.0

🔴Vulnerability Details

GHSA

OpenEXR invalid write↗2022-05-13

▶

OSV

OpenEXR invalid write↗2022-05-13

▶

OSV

openexr vulnerabilities↗2020-04-27

▶

OSV

openexr vulnerabilities↗2019-10-07

▶

OSV

CVE-2017-9111: In OpenEXR 2↗2017-05-21

▶

📋Vendor Advisories

Ubuntu

OpenEXR vulnerabilities↗2020-04-27

▶

Ubuntu

OpenEXR vulnerabilities↗2019-10-07

▶

Red Hat

OpenEXR: Out-of-bounds write in the storeSSE function↗2017-05-12

▶

Debian

CVE-2017-9111: openexr - In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOpti...↗2017

▶

💬Community

Bugzilla

CVE-2017-9110 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9114 CVE-2017-9115 CVE-2017-9116 OpenEXR: various flaws [fedora-all]↗2017-05-25

▶

Bugzilla

CVE-2017-9110 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9114 CVE-2017-9115 CVE-2017-9116 mingw-OpenEXR: various flaws [fedora-all]↗2017-05-25

▶

Bugzilla

CVE-2017-9111 OpenEXR: Out-of-bounds write in the storeSSE function↗2017-05-25

▶