CVE-2020-11760Out-of-bounds Read in Openexr

CWE-125Out-of-bounds Read16 documents10 sources
Severity
5.5MEDIUMNVD
EPSS
0.6%
top 29.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
OpenexrApple IcloudApple Ipados+9 more
Timeline
PublishedApr 14
Latest updateMay 24

Description

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages10 packages

NVDopenexr/openexr< 2.4.1
Debianopenexr/openexr< 2.5.3-2+3
NVDapple/tvos< 13.4.8
NVDapple/icloud10.011.3+1
NVDapple/ipados< 13.6

Also affects: Debian Linux 10.0, 9.0, Fedora 32, Ubuntu Linux 16.04, 18.04, 19.10, 20.04

🔴Vulnerability Details

5
GHSA
GHSA-hjj6-gq2r-v84q: An issue was discovered in OpenEXR before 22022-05-24
OSV
thunderbird vulnerabilities2020-04-21
OSV
CVE-2020-11760: An issue was discovered in OpenEXR before 22020-04-14
CVEList
CVE-2020-11760: An issue was discovered in OpenEXR before 22020-04-14
Project0
Fuzzing ImageIO - Project Zero2020-04-01

📋Vendor Advisories

7
Apple
CVE-2020-11760: macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra2020-07-15
Apple
CVE-2020-11760: iOS 13.6 and iPadOS 13.62020-07-15
Apple
CVE-2020-11760: watchOS 6.2.82020-07-15
Apple
CVE-2020-11760: tvOS 13.4.82020-07-15
Ubuntu
OpenEXR vulnerabilities2020-04-27

💬Community

3
Bugzilla
CVE-2020-11760 OpenEXR: out-of-bounds read during RLE uncompression in rleUncompress function in ImfRle.cpp [fedora-all]2020-04-28
Bugzilla
CVE-2020-11760 mingw-OpenEXR: OpenEXR: out-of-bounds read during RLE uncompression in rleUncompress function in ImfRle.cpp [fedora-all]2020-04-28
Bugzilla
CVE-2020-11760 OpenEXR: out-of-bounds read during RLE uncompression in rleUncompress function in ImfRle.cpp2020-04-28
CVE-2020-11760 — Out-of-bounds Read in Openexr | cvebase