CVE-2020-16588: NULL Pointer Dereference in OpenEXR

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.3% (top 47.76%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 9
Latest update: May 24

Description

A NULL pointer dereference exists in Academy Software Foundation OpenEXR 2.3.0, in generatePreview in makePreview.cpp, that can cause a denial of service via a crafted EXR file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (3 packages)

debian: debian/openexr < openexr 2.5.3-2 (bookworm)
Debian: openexr/openexr < 2.5.3-2+3
NVD: openexr/openexr 2.3.0

Also affects: Debian Linux 10.0

Vulnerability Details (2)

GHSA: GHSA-p928-c9c9-qw29: A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2 (2022-05-24)
OSV: CVE-2020-16588: A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2 (2020-12-09)

Vendor Advisories (3)

Ubuntu: OpenEXR vulnerabilities (2021-01-05)
Red Hat: OpenEXR: A Null Pointer Deference in generatePreview in makePreview.cpp could result in a DOS via a crafted EXR file (2020-12-10)
Debian: CVE-2020-16588: openexr - A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3... (2020)