Уязвимость CVE-2020-11758: Информация

Описание

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.

Важность: MEDIUM (5,5) Вектор: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-11758
Опубликовано: 15 апреля 2020 г.
Изменено: 7 ноября 2023 г.
Идентификатор типа ошибки: CWE-125

Исправленные пакеты

Имя пакета
Ветка
Исправлено в версии
Версия в репозитории
Errata ID
№ Задания
Состояние
ilmbasesisyphus2.5.3-alt12.5.6-alt2ALT-PU-2020-3135-1260406Исправлено
ilmbasep102.5.3-alt12.5.6-alt2ALT-PU-2020-3135-1260406Исправлено
ilmbasep92.5.3-alt12.5.6-alt1ALT-PU-2021-1312-1265603Исправлено
ilmbasec10f12.5.3-alt12.5.6-alt2ALT-PU-2020-3135-1260406Исправлено
ilmbasep112.5.3-alt12.5.6-alt2ALT-PU-2020-3135-1260406Исправлено
openexrsisyphus2.5.3-alt13.1.5-alt2.2ALT-PU-2020-3136-1260406Исправлено
openexrp102.5.3-alt12.5.6-alt4ALT-PU-2020-3136-1260406Исправлено
openexrp92.5.3-alt12.5.6-alt1ALT-PU-2021-1313-1265603Исправлено
openexrc10f12.5.3-alt12.5.6-alt4ALT-PU-2020-3136-1260406Исправлено
openexrp112.5.3-alt13.1.5-alt2.2ALT-PU-2020-3136-1260406Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка
Ресурс
https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1
  • Release Notes
  • Third Party Advisory
https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020
  • Release Notes
  • Third Party Advisory
https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
  • Exploit
  • Third Party Advisory
USN-4339-1
  • Third Party Advisory
openSUSE-SU-2020:0682
  • Mailing List
  • Third Party Advisory
DSA-4755
  • Third Party Advisory
[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update
  • Mailing List
  • Third Party Advisory
https://support.apple.com/kb/HT211293
  • Third Party Advisory
https://support.apple.com/kb/HT211290
  • Third Party Advisory
https://support.apple.com/kb/HT211291
  • Third Party Advisory
https://support.apple.com/kb/HT211288
  • Third Party Advisory
https://support.apple.com/kb/HT211289
  • Third Party Advisory
https://support.apple.com/kb/HT211294
  • Third Party Advisory
https://support.apple.com/kb/HT211295
  • Third Party Advisory
GLSA-202107-27
  • Third Party Advisory
FEDORA-2020-e244f22a51

      1. Конфигурация 1

        cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*
        End excliding
        2.4.1

        Конфигурация 2

        cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

        Конфигурация 3

        cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
        cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
        cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
        cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

        Конфигурация 4

        cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

        Конфигурация 5

        cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
        cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

        Конфигурация 6

        cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
        End excliding
        10.15.6
        cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
        End excliding
        13.4.8
        cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
        End excliding
        13.6
        cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*
        End excliding
        7.20
        cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*
        Start including
        11.0
        End excliding
        11.3
        cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*
        End excliding
        12.10.8
        cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
        End excliding
        6.2.8
        cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
        End excliding
        13.6
        cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
        Start including
        10.13.0
        End excliding
        10.13.6
        cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
        Start including
        10.14.0
        End excliding
        10.14.6
        cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-003:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.13.6:supplemental_update:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Версия: v24.5.3
    Наверх