Уязвимость CVE-2020-11759: Информация
Описание
An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.
Важность: MEDIUM (5,5) Вектор: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Исправленные пакеты
Имя пакета | Ветка | Исправлено в версии | Версия в репозитории | Errata ID | № Задания | Состояние |
---|---|---|---|---|---|---|
ilmbase | sisyphus | 2.5.3-alt1 | 2.5.6-alt2 | ALT-PU-2020-3135-1 | 260406 | Исправлено |
ilmbase | p10 | 2.5.3-alt1 | 2.5.6-alt2 | ALT-PU-2020-3135-1 | 260406 | Исправлено |
ilmbase | p9 | 2.5.3-alt1 | 2.5.6-alt1 | ALT-PU-2021-1312-1 | 265603 | Исправлено |
ilmbase | c10f1 | 2.5.3-alt1 | 2.5.6-alt2 | ALT-PU-2020-3135-1 | 260406 | Исправлено |
ilmbase | p11 | 2.5.3-alt1 | 2.5.6-alt2 | ALT-PU-2020-3135-1 | 260406 | Исправлено |
openexr | sisyphus | 2.5.3-alt1 | 3.1.5-alt2.2 | ALT-PU-2020-3136-1 | 260406 | Исправлено |
openexr | p10 | 2.5.3-alt1 | 2.5.6-alt4 | ALT-PU-2020-3136-1 | 260406 | Исправлено |
openexr | p9 | 2.5.3-alt1 | 2.5.6-alt1 | ALT-PU-2021-1313-1 | 265603 | Исправлено |
openexr | c10f1 | 2.5.3-alt1 | 2.5.6-alt4 | ALT-PU-2020-3136-1 | 260406 | Исправлено |
openexr | p11 | 2.5.3-alt1 | 3.1.5-alt2.2 | ALT-PU-2020-3136-1 | 260406 | Исправлено |
Ссылки на рекомендации, решения и инструменты
Ссылка | Ресурс |
---|---|
https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 |
|
https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 |
|
https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 |
|
USN-4339-1 |
|
DSA-4755 |
|
[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update |
|
https://support.apple.com/kb/HT211293 |
|
https://support.apple.com/kb/HT211290 |
|
https://support.apple.com/kb/HT211291 |
|
https://support.apple.com/kb/HT211288 |
|
https://support.apple.com/kb/HT211289 |
|
https://support.apple.com/kb/HT211294 |
|
https://support.apple.com/kb/HT211295 |
|
GLSA-202107-27 |
|
FEDORA-2020-e244f22a51 |