CVE-2018-18444 — Out-of-bounds Write in Openexr

CWE-787 — Out-of-bounds Write12 documents7 sources

Severity

8.8HIGHNVD

OSV7.8

EPSS

0.7%

top 26.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openexr Debian Openexr ILM Openexr

Timeline

PublishedOct 17

Latest updateMay 13

Description

makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/openexr< openexr 2.5.3-2 (bookworm)

▶Debianopenexr/openexr< 2.5.3-2+3

▶Ubuntuopenexr/openexr< 2.2.0-10ubuntu2.2+4

▶NVDilm/openexr2.3.0

🔴Vulnerability Details

GHSA

GHSA-whx7-cr39-4rv2: makeMultiView↗2022-05-13

▶

OSV

openexr vulnerabilities↗2020-04-27

▶

OSV

openexr vulnerabilities↗2019-10-07

▶

OSV

CVE-2018-18444: makeMultiView↗2018-10-17

▶

📋Vendor Advisories

Ubuntu

OpenEXR vulnerabilities↗2020-04-27

▶

Ubuntu

OpenEXR vulnerabilities↗2019-10-07

▶

Red Hat

OpenEXR: Out-of-bounds write in makeMultiView.cpp↗2018-10-17

▶

Debian

CVE-2018-18444: openexr - makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, l...↗2018

▶

💬Community

Bugzilla

CVE-2018-18444 OpenEXR: Out-of-bounds write in makeMultiView.cpp↗2018-10-25

▶

Bugzilla

CVE-2018-18443 CVE-2018-18444 mingw-OpenEXR: various flaws [fedora-all]↗2018-10-25

▶

Bugzilla

CVE-2018-18443 CVE-2018-18444 OpenEXR: various flaws [fedora-all]↗2018-10-25

▶