CVE-2018-18443 — Missing Release of Resource after Effective Lifetime in Openexr

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 41.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedOct 17

Latest updateMay 13

Description

OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview.

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

▶debiandebian/openexr< openexr 2.5.3-2 (bookworm)

▶Debianopenexr/openexr< 2.5.3-2+3

GHSA

GHSA-pfc3-fmmp-mxgw: OpenEXR 2↗2022-05-13

▶

OSV

CVE-2018-18443: OpenEXR 2↗2018-10-17

▶

Red Hat

OpenEXR: Memory leak in ThreadPool in in IlmBase/IlmThread/IlmThreadPool.cpp↗2018-10-17

▶

Debian

CVE-2018-18443: openexr - OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool...↗2018

▶

Bugzilla

CVE-2018-18443 CVE-2018-18444 mingw-OpenEXR: various flaws [fedora-all]↗2018-10-25

▶

Bugzilla

CVE-2018-18443 OpenEXR: Memory leak in ThreadPool in in IlmBase/IlmThread/IlmThreadPool.cpp↗2018-10-25

▶

Bugzilla

CVE-2018-18443 CVE-2018-18444 OpenEXR: various flaws [fedora-all]↗2018-10-25

▶