CVE-2020-11764Out-of-bounds Write in Openexr

CWE-787Out-of-bounds Write17 documents10 sources
Severity
5.5MEDIUMNVD
EPSS
0.8%
top 26.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
OpenexrApple IcloudApple Ipados+9 more
Timeline
PublishedApr 14
Latest updateMay 24

Description

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages10 packages

NVDopenexr/openexr< 2.4.1
Debianopenexr/openexr< 2.5.3-2+3
NVDapple/tvos< 13.4.8
NVDapple/icloud10.011.3+1
NVDapple/ipados< 13.6

Also affects: Debian Linux 10.0, 9.0, Fedora 32, Ubuntu Linux 16.04, 18.04, 19.10, 20.04

🔴Vulnerability Details

5
GHSA
GHSA-cwm8-xj6v-vqwj: An issue was discovered in OpenEXR before 22022-05-24
OSV
thunderbird vulnerabilities2020-04-21
CVEList
CVE-2020-11764: An issue was discovered in OpenEXR before 22020-04-14
OSV
CVE-2020-11764: An issue was discovered in OpenEXR before 22020-04-14
Project0
Fuzzing ImageIO - Project Zero2020-04-01

📋Vendor Advisories

7
Apple
CVE-2020-11764: tvOS 13.4.82020-07-15
Apple
CVE-2020-11764: watchOS 6.2.82020-07-15
Apple
CVE-2020-11764: iOS 13.6 and iPadOS 13.62020-07-15
Apple
CVE-2020-11764: macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra2020-07-15
Ubuntu
OpenEXR vulnerabilities2020-04-27

💬Community

4
Bugzilla
CVE-2018-11764 hadoop: privilege escalation in web endpoint2020-10-21
Bugzilla
CVE-2020-11764 OpenEXR: out-of-bounds write in copyIntoFrameBuffer function in ImfMisc.cpp2020-04-28
Bugzilla
CVE-2020-11764 mingw-OpenEXR: OpenEXR: out-of-bounds write in copyIntoFrameBuffer function in ImfMisc.cpp [fedora-all]2020-04-28
Bugzilla
CVE-2020-11764 OpenEXR: out-of-bounds write in copyIntoFrameBuffer function in ImfMisc.cpp [fedora-all]2020-04-28
CVE-2020-11764 — Out-of-bounds Write in Openexr | cvebase