Уязвимость CVE-2020-15305: Информация
Описание
An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.
Важность: MEDIUM (5,5) Вектор: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Исправленные пакеты
Имя пакета | Ветка | Исправлено в версии | Версия в репозитории | Errata ID | № Задания | Состояние |
|---|---|---|---|---|---|---|
| ilmbase | sisyphus | 2.5.3-alt1 | 2.5.6-alt2 | ALT-PU-2020-3135-1 | 260406 | Исправлено |
| ilmbase | p10 | 2.5.3-alt1 | 2.5.6-alt2 | ALT-PU-2020-3135-1 | 260406 | Исправлено |
| ilmbase | p9 | 2.5.3-alt1 | 2.5.6-alt1 | ALT-PU-2021-1312-1 | 265603 | Исправлено |
| ilmbase | c10f1 | 2.5.3-alt1 | 2.5.6-alt2 | ALT-PU-2020-3135-1 | 260406 | Исправлено |
| ilmbase | p11 | 2.5.3-alt1 | 2.5.6-alt2 | ALT-PU-2020-3135-1 | 260406 | Исправлено |
| openexr | sisyphus | 2.5.3-alt1 | 3.1.5-alt2.2 | ALT-PU-2020-3136-1 | 260406 | Исправлено |
| openexr | p10 | 2.5.3-alt1 | 2.5.6-alt4 | ALT-PU-2020-3136-1 | 260406 | Исправлено |
| openexr | p9 | 2.5.3-alt1 | 2.5.6-alt1 | ALT-PU-2021-1313-1 | 265603 | Исправлено |
| openexr | c10f1 | 2.5.3-alt1 | 2.5.6-alt4 | ALT-PU-2020-3136-1 | 260406 | Исправлено |
| openexr | p11 | 2.5.3-alt1 | 3.1.5-alt2.2 | ALT-PU-2020-3136-1 | 260406 | Исправлено |
Ссылки на рекомендации, решения и инструменты
Ссылка | Ресурс |
|---|---|
| https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md |
|
| https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md |
|
| https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2 |
|
| https://github.com/AcademySoftwareFoundation/openexr/pull/730 |
|
| USN-4418-1 |
|
| openSUSE-SU-2020:0970 |
|
| openSUSE-SU-2020:1015 |
|
| DSA-4755 |
|
| [debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update |
|
| GLSA-202107-27 |
|
| FEDORA-2020-8394f7fd12 | |
| FEDORA-2020-a9a0f8f6cd |