CVE-2020-11763Out-of-bounds Read in Openexr

CWE-125Out-of-bounds ReadCWE-787Out-of-bounds WriteCWE-22Path Traversal16 documents10 sources
Severity
5.5MEDIUMNVD
EPSS
0.6%
top 31.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
OpenexrApple IcloudApple Ipados+9 more
Timeline
PublishedApr 14
Latest updateMay 24

Description

An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages10 packages

NVDopenexr/openexr< 2.4.1
Debianopenexr/openexr< 2.5.3-2+3
NVDapple/tvos< 13.4.8
NVDapple/icloud10.011.3+1
NVDapple/ipados< 13.6

Also affects: Debian Linux 10.0, 9.0, Fedora 32, Ubuntu Linux 16.04, 18.04, 19.10, 20.04

🔴Vulnerability Details

5
GHSA
GHSA-cpj2-hhj8-vfgh: An issue was discovered in OpenEXR before 22022-05-24
OSV
thunderbird vulnerabilities2020-04-21
CVEList
CVE-2020-11763: An issue was discovered in OpenEXR before 22020-04-14
OSV
CVE-2020-11763: An issue was discovered in OpenEXR before 22020-04-14
Project0
Fuzzing ImageIO - Project Zero2020-04-01

📋Vendor Advisories

7
Apple
CVE-2020-11763: tvOS 13.4.82020-07-15
Apple
CVE-2020-11763: macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra2020-07-15
Apple
CVE-2020-11763: watchOS 6.2.82020-07-15
Apple
CVE-2020-11763: iOS 13.6 and iPadOS 13.62020-07-15
Ubuntu
OpenEXR vulnerabilities2020-04-27

💬Community

3
Bugzilla
CVE-2020-11763 mingw-OpenEXR: OpenEXR: std::vector out-of-bounds read and write as demonstrated by ImfTileOffsets.cpp [fedora-all]2020-04-28
Bugzilla
CVE-2020-11763 OpenEXR: std::vector out-of-bounds read and write in ImfTileOffsets.cpp2020-04-28
Bugzilla
CVE-2020-11763 OpenEXR: std::vector out-of-bounds read and write as demonstrated by ImfTileOffsets.cpp [fedora-all]2020-04-28
CVE-2020-11763 — Out-of-bounds Read in Openexr | cvebase