CVE-2020-11759 — Integer Overflow or Wraparound in OpenEXR
Severity
5.5 MEDIUM (NVD)
EPSS
1.1%
top 22.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 14
Latest update: May 24
Description
An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 9 packages
Also affects: Debian Linux 10.0, 9.0, Fedora 32, Ubuntu Linux 16.04, 18.04, 19.10, 20.04
Vulnerability Details (5)
Vendor Advisories (7)
Apple
CVE-2020-11759: macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra (2020-07-15)
Community (6)
Bugzilla
CVE-2020-11759 OpenEXR: out-of-bounds write due to integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock (2020-04-28)
Bugzilla
CVE-2020-11759 mingw-OpenEXR: OpenEXR: out-of-bounds write due to integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock [fedora-all] (2020-04-28)
Bugzilla
CVE-2020-11759 OpenEXR: out-of-bounds write due to integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock [fedora-all] (2020-04-28)