Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2020-11760
Vulnerability from cvelistv5
Published
2020-04-14 22:42
Modified
2024-08-04 11:41
Severity ?
EPSS score ?
Summary
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:41:59.458Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987", }, { name: "USN-4339-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4339-1/", }, { name: "FEDORA-2020-e244f22a51", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/", }, { name: "openSUSE-SU-2020:0682", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT211288", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT211290", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT211289", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT211291", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT211293", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT211295", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT211294", }, { name: "DSA-4755", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4755", }, { name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html", }, { name: "GLSA-202107-27", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-11T03:06:31", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987", }, { name: "USN-4339-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4339-1/", }, { name: "FEDORA-2020-e244f22a51", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/", }, { name: "openSUSE-SU-2020:0682", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT211288", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT211290", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT211289", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT211291", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT211293", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT211295", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT211294", }, { name: "DSA-4755", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4755", }, { name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html", }, { name: "GLSA-202107-27", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-27", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-11760", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1", refsource: "MISC", url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1", }, { name: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020", refsource: "MISC", url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020", }, { name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987", refsource: "MISC", url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987", }, { name: "USN-4339-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4339-1/", }, { name: "FEDORA-2020-e244f22a51", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/", }, { name: "openSUSE-SU-2020:0682", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html", }, { name: "https://support.apple.com/kb/HT211288", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211288", }, { name: "https://support.apple.com/kb/HT211290", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211290", }, { name: "https://support.apple.com/kb/HT211289", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211289", }, { name: "https://support.apple.com/kb/HT211291", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211291", }, { name: "https://support.apple.com/kb/HT211293", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211293", }, { name: "https://support.apple.com/kb/HT211295", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211295", }, { name: "https://support.apple.com/kb/HT211294", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211294", }, { name: "DSA-4755", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4755", }, { name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html", }, { name: "GLSA-202107-27", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-27", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-11760", datePublished: "2020-04-14T22:42:50", dateReserved: "2020-04-14T00:00:00", dateUpdated: "2024-08-04T11:41:59.458Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.4.1\", \"matchCriteriaId\": \"57A8F73B-345B-48BD-8D9B-92AD24033265\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\", \"matchCriteriaId\": \"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A31C8344-3E02-4EB8-8BD8-4C84B7959624\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"902B8056-9E37-443B-8905-8AA93E2447FB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\", \"versionEndExcluding\": \"7.20\", \"matchCriteriaId\": \"5B3BB46F-F586-4A2B-91C6-4D3AA226B478\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\", \"versionStartIncluding\": \"10.0\", \"versionEndExcluding\": \"11.3\", \"matchCriteriaId\": \"5DBDFC69-1F0F-40E9-833E-FBFB92DF0541\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*\", \"versionEndExcluding\": \"12.10.8\", \"matchCriteriaId\": \"B626717E-0DED-4C76-B92D-D58AB27EED01\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.6\", \"matchCriteriaId\": \"87D68071-5235-4B50-90F0-B55B0C668840\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.6\", \"matchCriteriaId\": \"0639A5DE-4A59-4F10-A0E7-F6B933E44D47\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.15.6\", \"matchCriteriaId\": \"FD0ACF42-C643-4DED-ADF7-4FA29B7578F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.13.0\", \"versionEndExcluding\": \"10.13.6\", \"matchCriteriaId\": \"2DA1C24E-B74D-4C8C-931D-AE35BFB4F0CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.14.0\", \"versionEndExcluding\": \"10.14.6\", \"matchCriteriaId\": \"3E76BECE-0843-4B9F-90DE-7690764701B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"297D2D0C-EA9D-4B2C-9357-D88DB6C7143A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D845143-1B4D-478B-B83E-8F1664CBCAC3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*\", \"matchCriteriaId\": \"23C6DF6A-9A30-4F9E-BD9C-C19D8551C6DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*\", \"matchCriteriaId\": \"754A2DF4-8724-4448-A2AB-AC5442029CB7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*\", \"matchCriteriaId\": \"D392C777-1949-4920-B459-D083228E4688\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*\", \"matchCriteriaId\": \"68B0A232-F2A4-4B87-99EB-3A532DFA87DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*\", \"matchCriteriaId\": \"0DF528F7-0F1E-4E55-A088-91327E3C360C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*\", \"matchCriteriaId\": \"E222445A-D398-47C8-9639-4BAE36B69AA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*\", \"matchCriteriaId\": \"9425DAC8-038D-4B09-A074-3780AED912FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EA63C1C-1EEC-4961-A7B7-439D21293B99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2F5D631-2306-4526-BEE5-22456D95ABAB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*\", \"matchCriteriaId\": \"F79B7361-F2F2-4FA6-A27D-CC8F2D37A726\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-003:*:*:*:*:*:*\", \"matchCriteriaId\": \"09FA5087-C576-483F-B660-F9D155933CC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFE26ECC-A2C2-4501-9950-510DE0E1BD86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*\", \"matchCriteriaId\": \"26108BEF-0847-4AB0-BD98-35344DFA7835\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*\", \"matchCriteriaId\": \"A369D48B-6A0A-47AE-9513-D5E2E6F30931\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*\", \"matchCriteriaId\": \"510F8317-94DA-498E-927A-83D5F41AF54A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D5D1970-6D2A-42CA-A203-42023D71730D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*\", \"matchCriteriaId\": \"C68AE52B-5139-40A4-AE9A-E752DBF07D1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*\", \"matchCriteriaId\": \"0FD3467D-7679-479F-9C0B-A93F7CD0929D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4C6098E-EDBD-4A85-8282-B2E9D9333872\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*\", \"matchCriteriaId\": \"518BB47B-DD76-4E8C-9F10-7EBC1E146191\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.4.8\", \"matchCriteriaId\": \"888463CA-9C67-46B2-B197-DDD3A668F980\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.2.8\", \"matchCriteriaId\": \"494FA012-A268-42FC-B023-2A10817B1096\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 un problema en OpenEXR versiones anteriores a 2.4.1. Se presenta una lectura fuera de l\\u00edmites durante una descompresi\\u00f3n RLE en la funci\\u00f3n rleUncompress en el archivo ImfRle.cpp.\"}]", id: "CVE-2020-11760", lastModified: "2024-11-21T04:58:32.837", metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}", published: "2020-04-14T23:15:12.277", references: "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://bugs.chromium.org/p/project-zero/issues/detail?id=1987\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/202107-27\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT211288\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT211289\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT211290\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT211291\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT211293\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT211294\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT211295\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4339-1/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4755\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://bugs.chromium.org/p/project-zero/issues/detail?id=1987\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202107-27\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT211288\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT211289\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT211290\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT211291\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT211293\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT211294\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT211295\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4339-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4755\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]", sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2020-11760\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-04-14T23:15:12.277\",\"lastModified\":\"2024-11-21T04:58:32.837\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.\"},{\"lang\":\"es\",\"value\":\"Se detectó un problema en OpenEXR versiones anteriores a 2.4.1. Se presenta una lectura fuera de límites durante una descompresión RLE en la función rleUncompress en el archivo ImfRle.cpp.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.4.1\",\"matchCriteriaId\":\"57A8F73B-345B-48BD-8D9B-92AD24033265\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A31C8344-3E02-4EB8-8BD8-4C84B7959624\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"902B8056-9E37-443B-8905-8AA93E2447FB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"7.20\",\"matchCriteriaId\":\"5B3BB46F-F586-4A2B-91C6-4D3AA226B478\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"10.0\",\"versionEndExcluding\":\"11.3\",\"matchCriteriaId\":\"5DBDFC69-1F0F-40E9-833E-FBFB92DF0541\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"12.10.8\",\"matchCriteriaId\":\"B626717E-0DED-4C76-B92D-D58AB27EED01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.6\",\"matchCriteriaId\":\"87D68071-5235-4B50-90F0-B55B0C668840\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.6\",\"matchCriteriaId\":\"0639A5DE-4A59-4F10-A0E7-F6B933E44D47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.15.6\",\"matchCriteriaId\":\"FD0ACF42-C643-4DED-ADF7-4FA29B7578F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.13.0\",\"versionEndExcluding\":\"10.13.6\",\"matchCriteriaId\":\"2DA1C24E-B74D-4C8C-931D-AE35BFB4F0CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.14.0\",\"versionEndExcluding\":\"10.14.6\",\"matchCriteriaId\":\"3E76BECE-0843-4B9F-90DE-7690764701B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"297D2D0C-EA9D-4B2C-9357-D88DB6C7143A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D845143-1B4D-478B-B83E-8F1664CBCAC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*\",\"matchCriteriaId\":\"23C6DF6A-9A30-4F9E-BD9C-C19D8551C6DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*\",\"matchCriteriaId\":\"754A2DF4-8724-4448-A2AB-AC5442029CB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*\",\"matchCriteriaId\":\"D392C777-1949-4920-B459-D083228E4688\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*\",\"matchCriteriaId\":\"68B0A232-F2A4-4B87-99EB-3A532DFA87DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DF528F7-0F1E-4E55-A088-91327E3C360C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*\",\"matchCriteriaId\":\"E222445A-D398-47C8-9639-4BAE36B69AA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*\",\"matchCriteriaId\":\"9425DAC8-038D-4B09-A074-3780AED912FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EA63C1C-1EEC-4961-A7B7-439D21293B99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2F5D631-2306-4526-BEE5-22456D95ABAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*\",\"matchCriteriaId\":\"F79B7361-F2F2-4FA6-A27D-CC8F2D37A726\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-003:*:*:*:*:*:*\",\"matchCriteriaId\":\"09FA5087-C576-483F-B660-F9D155933CC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFE26ECC-A2C2-4501-9950-510DE0E1BD86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*\",\"matchCriteriaId\":\"26108BEF-0847-4AB0-BD98-35344DFA7835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*\",\"matchCriteriaId\":\"A369D48B-6A0A-47AE-9513-D5E2E6F30931\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*\",\"matchCriteriaId\":\"510F8317-94DA-498E-927A-83D5F41AF54A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D5D1970-6D2A-42CA-A203-42023D71730D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*\",\"matchCriteriaId\":\"C68AE52B-5139-40A4-AE9A-E752DBF07D1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FD3467D-7679-479F-9C0B-A93F7CD0929D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4C6098E-EDBD-4A85-8282-B2E9D9333872\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*\",\"matchCriteriaId\":\"518BB47B-DD76-4E8C-9F10-7EBC1E146191\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.4.8\",\"matchCriteriaId\":\"888463CA-9C67-46B2-B197-DDD3A668F980\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.2.8\",\"matchCriteriaId\":\"494FA012-A268-42FC-B023-2A10817B1096\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.chromium.org/p/project-zero/issues/detail?id=1987\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202107-27\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211288\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211289\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211290\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211291\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211293\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211294\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211295\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4339-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4755\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.chromium.org/p/project-zero/issues/detail?id=1987\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202107-27\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211288\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211289\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211290\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211291\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211293\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211294\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT211295\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4339-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4755\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}", }, }
suse-su-2020:1292-1
Vulnerability from csaf_suse
Published
2020-05-18 05:37
Modified
2020-05-18 05:37
Summary
Security update for openexr
Notes
Title of the patch
Security update for openexr
Description of the patch
This update for openexr provides the following fix:
Security issues fixed:
- CVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp (bsc#1169574).
- CVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp (bsc#1169576).
- CVE-2020-11758: Fixed an out-of-bounds read in ImfOptimizedPixelReading.h (bsc#1169573).
- CVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp (bsc#1169580).
Non-security issue fixed:
- Enable tests when building the package on x86_64. (bsc#1146648)
Patchnames
SUSE-2020-1292,SUSE-SLE-SDK-12-SP4-2020-1292,SUSE-SLE-SDK-12-SP5-2020-1292,SUSE-SLE-SERVER-12-SP4-2020-1292,SUSE-SLE-SERVER-12-SP5-2020-1292,SUSE-SLE-WE-12-SP4-2020-1292,SUSE-SLE-WE-12-SP5-2020-1292
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for openexr", title: "Title of the patch", }, { category: "description", text: "This update for openexr provides the following fix:\n\nSecurity issues fixed:\n\n- CVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp (bsc#1169574).\n- CVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp (bsc#1169576).\n- CVE-2020-11758: Fixed an out-of-bounds read in ImfOptimizedPixelReading.h (bsc#1169573).\n- CVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp (bsc#1169580).\n\nNon-security issue fixed:\n\n- Enable tests when building the package on x86_64. (bsc#1146648)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2020-1292,SUSE-SLE-SDK-12-SP4-2020-1292,SUSE-SLE-SDK-12-SP5-2020-1292,SUSE-SLE-SERVER-12-SP4-2020-1292,SUSE-SLE-SERVER-12-SP5-2020-1292,SUSE-SLE-WE-12-SP4-2020-1292,SUSE-SLE-WE-12-SP5-2020-1292", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_1292-1.json", }, { category: "self", summary: "URL for SUSE-SU-2020:1292-1", url: "https://www.suse.com/support/update/announcement/2020/suse-su-20201292-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2020:1292-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2020-May/006828.html", }, { category: "self", summary: "SUSE Bug 1146648", url: "https://bugzilla.suse.com/1146648", }, { category: "self", summary: "SUSE Bug 1169573", url: "https://bugzilla.suse.com/1169573", }, { category: "self", summary: "SUSE Bug 1169574", url: "https://bugzilla.suse.com/1169574", }, { category: "self", summary: "SUSE Bug 1169576", url: "https://bugzilla.suse.com/1169576", }, { category: "self", summary: "SUSE Bug 1169580", url: "https://bugzilla.suse.com/1169580", }, { category: "self", summary: "SUSE CVE CVE-2020-11758 page", url: "https://www.suse.com/security/cve/CVE-2020-11758/", }, { category: "self", summary: "SUSE CVE CVE-2020-11760 page", url: "https://www.suse.com/security/cve/CVE-2020-11760/", }, { category: "self", summary: "SUSE CVE CVE-2020-11763 page", url: "https://www.suse.com/security/cve/CVE-2020-11763/", }, { category: "self", summary: "SUSE CVE CVE-2020-11764 page", url: "https://www.suse.com/security/cve/CVE-2020-11764/", }, ], title: "Security update for openexr", tracking: { current_release_date: "2020-05-18T05:37:49Z", generator: { date: "2020-05-18T05:37:49Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2020:1292-1", initial_release_date: "2020-05-18T05:37:49Z", revision_history: [ { date: "2020-05-18T05:37:49Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", product: { name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", product_id: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", }, }, { category: "product_version", name: "openexr-2.1.0-6.20.1.aarch64", product: { name: "openexr-2.1.0-6.20.1.aarch64", product_id: "openexr-2.1.0-6.20.1.aarch64", }, }, { category: "product_version", name: "openexr-devel-2.1.0-6.20.1.aarch64", product: { name: "openexr-devel-2.1.0-6.20.1.aarch64", product_id: "openexr-devel-2.1.0-6.20.1.aarch64", }, }, { category: "product_version", name: "openexr-doc-2.1.0-6.20.1.aarch64", product: { name: "openexr-doc-2.1.0-6.20.1.aarch64", product_id: "openexr-doc-2.1.0-6.20.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libIlmImf-Imf_2_1-21-64bit-2.1.0-6.20.1.aarch64_ilp32", product: { name: "libIlmImf-Imf_2_1-21-64bit-2.1.0-6.20.1.aarch64_ilp32", product_id: "libIlmImf-Imf_2_1-21-64bit-2.1.0-6.20.1.aarch64_ilp32", }, }, ], category: "architecture", name: "aarch64_ilp32", }, { branches: [ { category: "product_version", name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.i586", product: { name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.i586", product_id: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.i586", }, }, { category: "product_version", name: "openexr-2.1.0-6.20.1.i586", product: { name: "openexr-2.1.0-6.20.1.i586", product_id: "openexr-2.1.0-6.20.1.i586", }, }, { category: "product_version", name: "openexr-devel-2.1.0-6.20.1.i586", product: { name: "openexr-devel-2.1.0-6.20.1.i586", product_id: "openexr-devel-2.1.0-6.20.1.i586", }, }, { category: "product_version", name: "openexr-doc-2.1.0-6.20.1.i586", product: { name: "openexr-doc-2.1.0-6.20.1.i586", product_id: "openexr-doc-2.1.0-6.20.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", product: { name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", product_id: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", }, }, { category: "product_version", name: "openexr-2.1.0-6.20.1.ppc64le", product: { name: "openexr-2.1.0-6.20.1.ppc64le", product_id: "openexr-2.1.0-6.20.1.ppc64le", }, }, { category: "product_version", name: "openexr-devel-2.1.0-6.20.1.ppc64le", product: { name: "openexr-devel-2.1.0-6.20.1.ppc64le", product_id: "openexr-devel-2.1.0-6.20.1.ppc64le", }, }, { category: "product_version", name: "openexr-doc-2.1.0-6.20.1.ppc64le", product: { name: "openexr-doc-2.1.0-6.20.1.ppc64le", product_id: "openexr-doc-2.1.0-6.20.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390", product: { name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390", product_id: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390", }, }, { category: "product_version", name: "openexr-2.1.0-6.20.1.s390", product: { name: "openexr-2.1.0-6.20.1.s390", product_id: "openexr-2.1.0-6.20.1.s390", }, }, { category: "product_version", name: "openexr-devel-2.1.0-6.20.1.s390", product: { name: "openexr-devel-2.1.0-6.20.1.s390", product_id: "openexr-devel-2.1.0-6.20.1.s390", }, }, { category: "product_version", name: "openexr-doc-2.1.0-6.20.1.s390", product: { name: "openexr-doc-2.1.0-6.20.1.s390", product_id: "openexr-doc-2.1.0-6.20.1.s390", }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", product: { name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", product_id: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", }, }, { category: "product_version", name: "libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.s390x", product: { name: "libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.s390x", product_id: "libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.s390x", }, }, { category: "product_version", name: "openexr-2.1.0-6.20.1.s390x", product: { name: "openexr-2.1.0-6.20.1.s390x", product_id: "openexr-2.1.0-6.20.1.s390x", }, }, { category: "product_version", name: "openexr-devel-2.1.0-6.20.1.s390x", product: { name: "openexr-devel-2.1.0-6.20.1.s390x", product_id: "openexr-devel-2.1.0-6.20.1.s390x", }, }, { category: "product_version", name: "openexr-doc-2.1.0-6.20.1.s390x", product: { name: "openexr-doc-2.1.0-6.20.1.s390x", product_id: "openexr-doc-2.1.0-6.20.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", product: { name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", product_id: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", }, }, { category: "product_version", name: "libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", product: { name: "libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", product_id: "libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", }, }, { category: "product_version", name: "openexr-2.1.0-6.20.1.x86_64", product: { name: "openexr-2.1.0-6.20.1.x86_64", product_id: "openexr-2.1.0-6.20.1.x86_64", }, }, { category: "product_version", name: "openexr-devel-2.1.0-6.20.1.x86_64", product: { name: "openexr-devel-2.1.0-6.20.1.x86_64", product_id: "openexr-devel-2.1.0-6.20.1.x86_64", }, }, { category: "product_version", name: "openexr-doc-2.1.0-6.20.1.x86_64", product: { name: "openexr-doc-2.1.0-6.20.1.x86_64", product_id: "openexr-doc-2.1.0-6.20.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 12 SP4", product: { name: "SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sle-sdk:12:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 12 SP5", product: { name: "SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sle-sdk:12:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP4", product: { name: "SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP5", product: { name: "SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Workstation Extension 12 SP4", product: { name: "SUSE Linux Enterprise Workstation Extension 12 SP4", product_id: "SUSE Linux Enterprise Workstation Extension 12 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sle-we:12:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Workstation Extension 12 SP5", product: { name: "SUSE Linux Enterprise Workstation Extension 12 SP5", product_id: "SUSE Linux Enterprise Workstation Extension 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sle-we:12:sp5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "openexr-devel-2.1.0-6.20.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.aarch64", }, product_reference: "openexr-devel-2.1.0-6.20.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "openexr-devel-2.1.0-6.20.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.ppc64le", }, product_reference: "openexr-devel-2.1.0-6.20.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "openexr-devel-2.1.0-6.20.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.s390x", }, product_reference: "openexr-devel-2.1.0-6.20.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "openexr-devel-2.1.0-6.20.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.x86_64", }, product_reference: "openexr-devel-2.1.0-6.20.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "openexr-devel-2.1.0-6.20.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.aarch64", }, product_reference: "openexr-devel-2.1.0-6.20.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "openexr-devel-2.1.0-6.20.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.ppc64le", }, product_reference: "openexr-devel-2.1.0-6.20.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "openexr-devel-2.1.0-6.20.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.s390x", }, product_reference: "openexr-devel-2.1.0-6.20.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "openexr-devel-2.1.0-6.20.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.x86_64", }, product_reference: "openexr-devel-2.1.0-6.20.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", }, product_reference: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4", }, { category: "default_component_of", full_product_name: { name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", }, product_reference: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4", }, { category: "default_component_of", full_product_name: { name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x as component of SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", }, product_reference: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4", }, { category: "default_component_of", full_product_name: { name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", }, product_reference: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4", }, { category: "default_component_of", full_product_name: { name: "openexr-2.1.0-6.20.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.aarch64", }, product_reference: "openexr-2.1.0-6.20.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4", }, { category: "default_component_of", full_product_name: { name: "openexr-2.1.0-6.20.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.ppc64le", }, product_reference: "openexr-2.1.0-6.20.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4", }, { category: "default_component_of", full_product_name: { name: "openexr-2.1.0-6.20.1.s390x as component of SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.s390x", }, product_reference: "openexr-2.1.0-6.20.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4", }, { category: "default_component_of", full_product_name: { name: "openexr-2.1.0-6.20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.x86_64", }, product_reference: "openexr-2.1.0-6.20.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4", }, { category: "default_component_of", full_product_name: { name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", }, product_reference: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", }, product_reference: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", }, product_reference: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", }, product_reference: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "openexr-2.1.0-6.20.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.aarch64", }, product_reference: "openexr-2.1.0-6.20.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "openexr-2.1.0-6.20.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.ppc64le", }, product_reference: "openexr-2.1.0-6.20.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "openexr-2.1.0-6.20.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.s390x", }, product_reference: "openexr-2.1.0-6.20.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "openexr-2.1.0-6.20.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.x86_64", }, product_reference: "openexr-2.1.0-6.20.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", }, product_reference: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", }, product_reference: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", }, product_reference: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", }, product_reference: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "openexr-2.1.0-6.20.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.aarch64", }, product_reference: "openexr-2.1.0-6.20.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "openexr-2.1.0-6.20.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.ppc64le", }, product_reference: "openexr-2.1.0-6.20.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "openexr-2.1.0-6.20.1.s390x as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.s390x", }, product_reference: "openexr-2.1.0-6.20.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "openexr-2.1.0-6.20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.x86_64", }, product_reference: "openexr-2.1.0-6.20.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", }, product_reference: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", }, product_reference: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", }, product_reference: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", }, product_reference: "libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "openexr-2.1.0-6.20.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.aarch64", }, product_reference: "openexr-2.1.0-6.20.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "openexr-2.1.0-6.20.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.ppc64le", }, product_reference: "openexr-2.1.0-6.20.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "openexr-2.1.0-6.20.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.s390x", }, product_reference: "openexr-2.1.0-6.20.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "openexr-2.1.0-6.20.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.x86_64", }, product_reference: "openexr-2.1.0-6.20.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12 SP4", product_id: "SUSE Linux Enterprise Workstation Extension 12 SP4:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", }, product_reference: "libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Workstation Extension 12 SP4", }, { category: "default_component_of", full_product_name: { name: "libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12 SP5", product_id: "SUSE Linux Enterprise Workstation Extension 12 SP5:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", }, product_reference: "libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Workstation Extension 12 SP5", }, ], }, vulnerabilities: [ { cve: "CVE-2020-11758", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-11758", }, ], notes: [ { category: "general", text: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP4:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP5:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-11758", url: "https://www.suse.com/security/cve/CVE-2020-11758", }, { category: "external", summary: "SUSE Bug 1169549 for CVE-2020-11758", url: "https://bugzilla.suse.com/1169549", }, { category: "external", summary: "SUSE Bug 1169573 for CVE-2020-11758", url: "https://bugzilla.suse.com/1169573", }, { category: "external", summary: "SUSE Bug 1169574 for CVE-2020-11758", url: "https://bugzilla.suse.com/1169574", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP4:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP5:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP4:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP5:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-18T05:37:49Z", details: "low", }, ], title: "CVE-2020-11758", }, { cve: "CVE-2020-11760", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-11760", }, ], notes: [ { category: "general", text: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP4:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP5:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-11760", url: "https://www.suse.com/security/cve/CVE-2020-11760", }, { category: "external", summary: "SUSE Bug 1169580 for CVE-2020-11760", url: "https://bugzilla.suse.com/1169580", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP4:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP5:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP4:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP5:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-18T05:37:49Z", details: "low", }, ], title: "CVE-2020-11760", }, { cve: "CVE-2020-11763", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-11763", }, ], notes: [ { category: "general", text: "An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP4:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP5:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-11763", url: "https://www.suse.com/security/cve/CVE-2020-11763", }, { category: "external", summary: "SUSE Bug 1169576 for CVE-2020-11763", url: "https://bugzilla.suse.com/1169576", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP4:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP5:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP4:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP5:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-18T05:37:49Z", details: "low", }, ], title: "CVE-2020-11763", }, { cve: "CVE-2020-11764", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-11764", }, ], notes: [ { category: "general", text: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP4:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP5:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-11764", url: "https://www.suse.com/security/cve/CVE-2020-11764", }, { category: "external", summary: "SUSE Bug 1169574 for CVE-2020-11764", url: "https://bugzilla.suse.com/1169574", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP4:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP5:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP4:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server 12 SP5:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openexr-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:openexr-devel-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:openexr-devel-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP4:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP5:libIlmImf-Imf_2_1-21-32bit-2.1.0-6.20.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-18T05:37:49Z", details: "low", }, ], title: "CVE-2020-11764", }, ], }
suse-su-2020:1293-1
Vulnerability from csaf_suse
Published
2020-05-18 05:38
Modified
2020-05-18 05:38
Summary
Security update for openexr
Notes
Title of the patch
Security update for openexr
Description of the patch
This update for openexr provides the following fix:
Security issues fixed:
- CVE-2020-11765: Fixed an off-by-one error in use of the ImfXdr.h read function by DwaCompressor:Classifier:Classifier (bsc#1169575).
- CVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp (bsc#1169574).
- CVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp (bsc#1169576).
- CVE-2020-11762: Fixed an out-of-bounds read and write in DwaCompressor:uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case (bsc#1169549).
- CVE-2020-11761: Fixed an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder:refill in ImfFastHuf.cpp (bsc#1169578).
- CVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp (bsc#1169580).
- CVE-2020-11758: Fixed an out-of-bounds read in ImfOptimizedPixelReading.h (bsc#1169573).
Non-security issue fixed:
- Enable tests when building the package on x86_64. (bsc#1146648)
Patchnames
SUSE-2020-1293,SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-1293,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-1293
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for openexr", title: "Title of the patch", }, { category: "description", text: "This update for openexr provides the following fix:\n\nSecurity issues fixed:\n\n- CVE-2020-11765: Fixed an off-by-one error in use of the ImfXdr.h read function by DwaCompressor:Classifier:Classifier (bsc#1169575).\n- CVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp (bsc#1169574).\n- CVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp (bsc#1169576).\n- CVE-2020-11762: Fixed an out-of-bounds read and write in DwaCompressor:uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case (bsc#1169549).\n- CVE-2020-11761: Fixed an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder:refill in ImfFastHuf.cpp (bsc#1169578).\n- CVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp (bsc#1169580).\n- CVE-2020-11758: Fixed an out-of-bounds read in ImfOptimizedPixelReading.h (bsc#1169573).\n\nNon-security issue fixed:\n\n- Enable tests when building the package on x86_64. (bsc#1146648)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2020-1293,SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-1293,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-1293", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_1293-1.json", }, { category: "self", summary: "URL for SUSE-SU-2020:1293-1", url: "https://www.suse.com/support/update/announcement/2020/suse-su-20201293-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2020:1293-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2020-May/006826.html", }, { category: "self", summary: "SUSE Bug 1146648", url: "https://bugzilla.suse.com/1146648", }, { category: "self", summary: "SUSE Bug 1169549", url: "https://bugzilla.suse.com/1169549", }, { category: "self", summary: "SUSE Bug 1169573", url: "https://bugzilla.suse.com/1169573", }, { category: "self", summary: "SUSE Bug 1169574", url: "https://bugzilla.suse.com/1169574", }, { category: "self", summary: "SUSE Bug 1169575", url: "https://bugzilla.suse.com/1169575", }, { category: "self", summary: "SUSE Bug 1169576", url: "https://bugzilla.suse.com/1169576", }, { category: "self", summary: "SUSE Bug 1169578", url: "https://bugzilla.suse.com/1169578", }, { category: "self", summary: "SUSE Bug 1169580", url: "https://bugzilla.suse.com/1169580", }, { category: "self", summary: "SUSE CVE CVE-2020-11758 page", url: "https://www.suse.com/security/cve/CVE-2020-11758/", }, { category: "self", summary: "SUSE CVE CVE-2020-11760 page", url: "https://www.suse.com/security/cve/CVE-2020-11760/", }, { category: "self", summary: "SUSE CVE CVE-2020-11761 page", url: "https://www.suse.com/security/cve/CVE-2020-11761/", }, { category: "self", summary: "SUSE CVE CVE-2020-11762 page", url: "https://www.suse.com/security/cve/CVE-2020-11762/", }, { category: "self", summary: "SUSE CVE CVE-2020-11763 page", url: "https://www.suse.com/security/cve/CVE-2020-11763/", }, { category: "self", summary: "SUSE CVE CVE-2020-11764 page", url: "https://www.suse.com/security/cve/CVE-2020-11764/", }, { category: "self", summary: "SUSE CVE CVE-2020-11765 page", url: "https://www.suse.com/security/cve/CVE-2020-11765/", }, ], title: "Security update for openexr", tracking: { current_release_date: "2020-05-18T05:38:10Z", generator: { date: "2020-05-18T05:38:10Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2020:1293-1", initial_release_date: "2020-05-18T05:38:10Z", revision_history: [ { date: "2020-05-18T05:38:10Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libIlmImf-2_2-23-2.2.1-3.14.1.aarch64", product: { name: "libIlmImf-2_2-23-2.2.1-3.14.1.aarch64", product_id: "libIlmImf-2_2-23-2.2.1-3.14.1.aarch64", }, }, { category: "product_version", name: "libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64", product: { name: "libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64", product_id: "libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64", }, }, { category: "product_version", name: "openexr-2.2.1-3.14.1.aarch64", product: { name: "openexr-2.2.1-3.14.1.aarch64", product_id: "openexr-2.2.1-3.14.1.aarch64", }, }, { category: "product_version", name: "openexr-devel-2.2.1-3.14.1.aarch64", product: { name: "openexr-devel-2.2.1-3.14.1.aarch64", product_id: "openexr-devel-2.2.1-3.14.1.aarch64", }, }, { category: "product_version", name: "openexr-doc-2.2.1-3.14.1.aarch64", product: { name: "openexr-doc-2.2.1-3.14.1.aarch64", product_id: "openexr-doc-2.2.1-3.14.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libIlmImf-2_2-23-64bit-2.2.1-3.14.1.aarch64_ilp32", product: { name: "libIlmImf-2_2-23-64bit-2.2.1-3.14.1.aarch64_ilp32", product_id: "libIlmImf-2_2-23-64bit-2.2.1-3.14.1.aarch64_ilp32", }, }, { category: "product_version", name: "libIlmImfUtil-2_2-23-64bit-2.2.1-3.14.1.aarch64_ilp32", product: { name: "libIlmImfUtil-2_2-23-64bit-2.2.1-3.14.1.aarch64_ilp32", product_id: "libIlmImfUtil-2_2-23-64bit-2.2.1-3.14.1.aarch64_ilp32", }, }, ], category: "architecture", name: "aarch64_ilp32", }, { branches: [ { category: "product_version", name: "libIlmImf-2_2-23-2.2.1-3.14.1.i586", product: { name: "libIlmImf-2_2-23-2.2.1-3.14.1.i586", product_id: "libIlmImf-2_2-23-2.2.1-3.14.1.i586", }, }, { category: "product_version", name: "libIlmImfUtil-2_2-23-2.2.1-3.14.1.i586", product: { name: "libIlmImfUtil-2_2-23-2.2.1-3.14.1.i586", product_id: "libIlmImfUtil-2_2-23-2.2.1-3.14.1.i586", }, }, { category: "product_version", name: "openexr-2.2.1-3.14.1.i586", product: { name: "openexr-2.2.1-3.14.1.i586", product_id: "openexr-2.2.1-3.14.1.i586", }, }, { category: "product_version", name: "openexr-devel-2.2.1-3.14.1.i586", product: { name: "openexr-devel-2.2.1-3.14.1.i586", product_id: "openexr-devel-2.2.1-3.14.1.i586", }, }, { category: "product_version", name: "openexr-doc-2.2.1-3.14.1.i586", product: { name: "openexr-doc-2.2.1-3.14.1.i586", product_id: "openexr-doc-2.2.1-3.14.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le", product: { name: "libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le", product_id: "libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le", }, }, { category: "product_version", name: "libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le", product: { name: "libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le", product_id: "libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le", }, }, { category: "product_version", name: "openexr-2.2.1-3.14.1.ppc64le", product: { name: "openexr-2.2.1-3.14.1.ppc64le", product_id: "openexr-2.2.1-3.14.1.ppc64le", }, }, { category: "product_version", name: "openexr-devel-2.2.1-3.14.1.ppc64le", product: { name: "openexr-devel-2.2.1-3.14.1.ppc64le", product_id: "openexr-devel-2.2.1-3.14.1.ppc64le", }, }, { category: "product_version", name: "openexr-doc-2.2.1-3.14.1.ppc64le", product: { name: "openexr-doc-2.2.1-3.14.1.ppc64le", product_id: "openexr-doc-2.2.1-3.14.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libIlmImf-2_2-23-2.2.1-3.14.1.s390x", product: { name: "libIlmImf-2_2-23-2.2.1-3.14.1.s390x", product_id: "libIlmImf-2_2-23-2.2.1-3.14.1.s390x", }, }, { category: "product_version", name: "libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x", product: { name: "libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x", product_id: "libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x", }, }, { category: "product_version", name: "openexr-2.2.1-3.14.1.s390x", product: { name: "openexr-2.2.1-3.14.1.s390x", product_id: "openexr-2.2.1-3.14.1.s390x", }, }, { category: "product_version", name: "openexr-devel-2.2.1-3.14.1.s390x", product: { name: "openexr-devel-2.2.1-3.14.1.s390x", product_id: "openexr-devel-2.2.1-3.14.1.s390x", }, }, { category: "product_version", name: "openexr-doc-2.2.1-3.14.1.s390x", product: { name: "openexr-doc-2.2.1-3.14.1.s390x", product_id: "openexr-doc-2.2.1-3.14.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libIlmImf-2_2-23-2.2.1-3.14.1.x86_64", product: { name: "libIlmImf-2_2-23-2.2.1-3.14.1.x86_64", product_id: "libIlmImf-2_2-23-2.2.1-3.14.1.x86_64", }, }, { category: "product_version", name: "libIlmImf-2_2-23-32bit-2.2.1-3.14.1.x86_64", product: { name: "libIlmImf-2_2-23-32bit-2.2.1-3.14.1.x86_64", product_id: "libIlmImf-2_2-23-32bit-2.2.1-3.14.1.x86_64", }, }, { category: "product_version", name: "libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64", product: { name: "libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64", product_id: "libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64", }, }, { category: "product_version", name: "libIlmImfUtil-2_2-23-32bit-2.2.1-3.14.1.x86_64", product: { name: "libIlmImfUtil-2_2-23-32bit-2.2.1-3.14.1.x86_64", product_id: "libIlmImfUtil-2_2-23-32bit-2.2.1-3.14.1.x86_64", }, }, { category: "product_version", name: "openexr-2.2.1-3.14.1.x86_64", product: { name: "openexr-2.2.1-3.14.1.x86_64", product_id: "openexr-2.2.1-3.14.1.x86_64", }, }, { category: "product_version", name: "openexr-devel-2.2.1-3.14.1.x86_64", product: { name: "openexr-devel-2.2.1-3.14.1.x86_64", product_id: "openexr-devel-2.2.1-3.14.1.x86_64", }, }, { category: "product_version", name: "openexr-doc-2.2.1-3.14.1.x86_64", product: { name: "openexr-doc-2.2.1-3.14.1.x86_64", product_id: "openexr-doc-2.2.1-3.14.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1", product: { name: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1", product_id: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-desktop-applications:15:sp1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libIlmImf-2_2-23-2.2.1-3.14.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1", product_id: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.aarch64", }, product_reference: "libIlmImf-2_2-23-2.2.1-3.14.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1", product_id: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le", }, product_reference: "libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "libIlmImf-2_2-23-2.2.1-3.14.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1", product_id: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.s390x", }, product_reference: "libIlmImf-2_2-23-2.2.1-3.14.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "libIlmImf-2_2-23-2.2.1-3.14.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1", product_id: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.x86_64", }, product_reference: "libIlmImf-2_2-23-2.2.1-3.14.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1", product_id: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64", }, product_reference: "libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1", product_id: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le", }, product_reference: "libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1", product_id: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x", }, product_reference: "libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1", product_id: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64", }, product_reference: "libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "openexr-devel-2.2.1-3.14.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1", product_id: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.aarch64", }, product_reference: "openexr-devel-2.2.1-3.14.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "openexr-devel-2.2.1-3.14.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1", product_id: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.ppc64le", }, product_reference: "openexr-devel-2.2.1-3.14.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "openexr-devel-2.2.1-3.14.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1", product_id: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.s390x", }, product_reference: "openexr-devel-2.2.1-3.14.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "openexr-devel-2.2.1-3.14.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1", product_id: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.x86_64", }, product_reference: "openexr-devel-2.2.1-3.14.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Desktop Applications 15 SP1", }, ], }, vulnerabilities: [ { cve: "CVE-2020-11758", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-11758", }, ], notes: [ { category: "general", text: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-11758", url: "https://www.suse.com/security/cve/CVE-2020-11758", }, { category: "external", summary: "SUSE Bug 1169549 for CVE-2020-11758", url: "https://bugzilla.suse.com/1169549", }, { category: "external", summary: "SUSE Bug 1169573 for CVE-2020-11758", url: "https://bugzilla.suse.com/1169573", }, { category: "external", summary: "SUSE Bug 1169574 for CVE-2020-11758", url: "https://bugzilla.suse.com/1169574", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-18T05:38:10Z", details: "low", }, ], title: "CVE-2020-11758", }, { cve: "CVE-2020-11760", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-11760", }, ], notes: [ { category: "general", text: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-11760", url: "https://www.suse.com/security/cve/CVE-2020-11760", }, { category: "external", summary: "SUSE Bug 1169580 for CVE-2020-11760", url: "https://bugzilla.suse.com/1169580", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-18T05:38:10Z", details: "low", }, ], title: "CVE-2020-11760", }, { cve: "CVE-2020-11761", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-11761", }, ], notes: [ { category: "general", text: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-11761", url: "https://www.suse.com/security/cve/CVE-2020-11761", }, { category: "external", summary: "SUSE Bug 1169578 for CVE-2020-11761", url: "https://bugzilla.suse.com/1169578", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-18T05:38:10Z", details: "low", }, ], title: "CVE-2020-11761", }, { cve: "CVE-2020-11762", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-11762", }, ], notes: [ { category: "general", text: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-11762", url: "https://www.suse.com/security/cve/CVE-2020-11762", }, { category: "external", summary: "SUSE Bug 1169549 for CVE-2020-11762", url: "https://bugzilla.suse.com/1169549", }, { category: "external", summary: "SUSE Bug 1169573 for CVE-2020-11762", url: "https://bugzilla.suse.com/1169573", }, { category: "external", summary: "SUSE Bug 1169574 for CVE-2020-11762", url: "https://bugzilla.suse.com/1169574", }, { category: "external", summary: "SUSE Bug 1169575 for CVE-2020-11762", url: "https://bugzilla.suse.com/1169575", }, { category: "external", summary: "SUSE Bug 1169576 for CVE-2020-11762", url: "https://bugzilla.suse.com/1169576", }, { category: "external", summary: "SUSE Bug 1169578 for CVE-2020-11762", url: "https://bugzilla.suse.com/1169578", }, { category: "external", summary: "SUSE Bug 1169579 for CVE-2020-11762", url: "https://bugzilla.suse.com/1169579", }, { category: "external", summary: "SUSE Bug 1169580 for CVE-2020-11762", url: "https://bugzilla.suse.com/1169580", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-18T05:38:10Z", details: "moderate", }, ], title: "CVE-2020-11762", }, { cve: "CVE-2020-11763", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-11763", }, ], notes: [ { category: "general", text: "An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-11763", url: "https://www.suse.com/security/cve/CVE-2020-11763", }, { category: "external", summary: "SUSE Bug 1169576 for CVE-2020-11763", url: "https://bugzilla.suse.com/1169576", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-18T05:38:10Z", details: "low", }, ], title: "CVE-2020-11763", }, { cve: "CVE-2020-11764", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-11764", }, ], notes: [ { category: "general", text: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-11764", url: "https://www.suse.com/security/cve/CVE-2020-11764", }, { category: "external", summary: "SUSE Bug 1169574 for CVE-2020-11764", url: "https://bugzilla.suse.com/1169574", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-18T05:38:10Z", details: "low", }, ], title: "CVE-2020-11764", }, { cve: "CVE-2020-11765", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-11765", }, ], notes: [ { category: "general", text: "An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-11765", url: "https://www.suse.com/security/cve/CVE-2020-11765", }, { category: "external", summary: "SUSE Bug 1169575 for CVE-2020-11765", url: "https://bugzilla.suse.com/1169575", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImf-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libIlmImfUtil-2_2-23-2.2.1-3.14.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:openexr-devel-2.2.1-3.14.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-18T05:38:10Z", details: "low", }, ], title: "CVE-2020-11765", }, ], }
var-202004-0470
Vulnerability from variot
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp. OpenEXR Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A buffer error vulnerability exists in the 'rleUncompress' function of the ImfRle.cpp file in versions prior to LIM OpenEXR 2.4.1. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202107-27
https://security.gentoo.org/
Severity: Normal Title: OpenEXR: Multiple vulnerabilities Date: July 11, 2021 Bugs: #717474, #746794, #762862, #770229, #776808 ID: 202107-27
Synopsis
Multiple vulnerabilities have been found in OpenEXR, the worst of which could result in the arbitrary execution of code.
Background
OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-libs/openexr < 2.5.6 >= 2.5.6
Description
Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All OpenEXR users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/openexr-2.5.6"
References
[ 1 ] CVE-2020-11758 https://nvd.nist.gov/vuln/detail/CVE-2020-11758 [ 2 ] CVE-2020-11759 https://nvd.nist.gov/vuln/detail/CVE-2020-11759 [ 3 ] CVE-2020-11760 https://nvd.nist.gov/vuln/detail/CVE-2020-11760 [ 4 ] CVE-2020-11761 https://nvd.nist.gov/vuln/detail/CVE-2020-11761 [ 5 ] CVE-2020-11762 https://nvd.nist.gov/vuln/detail/CVE-2020-11762 [ 6 ] CVE-2020-11763 https://nvd.nist.gov/vuln/detail/CVE-2020-11763 [ 7 ] CVE-2020-11764 https://nvd.nist.gov/vuln/detail/CVE-2020-11764 [ 8 ] CVE-2020-11765 https://nvd.nist.gov/vuln/detail/CVE-2020-11765 [ 9 ] CVE-2020-15304 https://nvd.nist.gov/vuln/detail/CVE-2020-15304 [ 10 ] CVE-2020-15305 https://nvd.nist.gov/vuln/detail/CVE-2020-15305 [ 11 ] CVE-2020-15306 https://nvd.nist.gov/vuln/detail/CVE-2020-15306 [ 12 ] CVE-2021-20296 https://nvd.nist.gov/vuln/detail/CVE-2021-20296 [ 13 ] CVE-2021-3474 https://nvd.nist.gov/vuln/detail/CVE-2021-3474 [ 14 ] CVE-2021-3475 https://nvd.nist.gov/vuln/detail/CVE-2021-3475 [ 15 ] CVE-2021-3476 https://nvd.nist.gov/vuln/detail/CVE-2021-3476 [ 16 ] CVE-2021-3477 https://nvd.nist.gov/vuln/detail/CVE-2021-3477 [ 17 ] CVE-2021-3478 https://nvd.nist.gov/vuln/detail/CVE-2021-3478 [ 18 ] CVE-2021-3479 https://nvd.nist.gov/vuln/detail/CVE-2021-3479
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202107-27
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
.
For the stable distribution (buster), these problems have been fixed in version 2.2.1-4.1+deb10u1.
We recommend that you upgrade your openexr packages.
For the detailed security status of openexr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openexr
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9KkM8ACgkQEMKTtsN8 TjYiCxAAqny8A+WbtYBonQ42ciQ2Hc1f90CI6l1Gp/ZK7RARL7+cLOHTh+hEniIG G6cwDGAwAgOtNPer+bT8Mwx6gF8bTii3nF5MMhiN22L7buzHruxsqpC+g94MeZHW vn6GpkTCPSHW5m4+O3pwrYDK3lr5ucNwPVegcXqtJuG0SrhY9VyTrtmzwtoP0YVx ANOpJhCLNEU5vIdEpzIfdjAoM6nsGG/FDN5sP2B9sEB69s7dQXAX5ksuu4Rg71bo W7OjAWB+1MIuFT2blax4Z0qD9Nuiy252AM9MAzMmdBPsFnix0/E2lmyd2OGknUkY l+sq61TR7pA7AVbtLpLBy2fKFS/Jj1KTFI6J+GmZiOBGAzHrWevjyclYBRI0exVg zKnI2IdO9f0qdeTiZhtAcSEV8hb1mSoo0fPRM0ZGxdMV0MTNeOmj+doTTw+SlSJK 3iyKUDgRy60JjQMq8gBaPSRl6tuTjEdFzbJLsFPvZVY5vQsy4KIuh024RrEjri0c R2oLvboIS2xddK+T/9NPc15vruZiUut0j/3EsBqbDn3hBXMpQb0NFv0kuC+uvmwZ UgxRA32shnjcUES8+TBqeB+cvMnukTlOfqQEY2VNhG//45gcQH6rEcf45W07XTGD djd3v06+rkeUhfuZHL9OAOj2BowTrp9CRooWT1dufPPUkL1aoUY= =FDcC -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0470", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "ipados", scope: "lt", trust: 1, vendor: "apple", version: "13.6", }, { model: "watchos", scope: "lt", trust: 1, vendor: "apple", version: "6.2.8", }, { model: "leap", scope: "eq", trust: 1, vendor: "opensuse", version: "15.1", }, { model: "mac os x", scope: "eq", trust: 1, vendor: "apple", version: "10.13.6", }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "10.0", }, { model: "icloud", scope: "lt", trust: 1, vendor: "apple", version: "7.20", }, { model: "itunes", scope: "lt", trust: 1, vendor: "apple", version: "12.10.8", }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "9.0", }, { model: "mac os x", scope: "lt", trust: 1, vendor: "apple", version: "10.14.6", }, { model: "openexr", scope: "lt", trust: 1, vendor: "openexr", version: "2.4.1", }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "32", }, { model: "mac os x", scope: "gte", trust: 1, vendor: "apple", version: "10.14.0", }, { model: "icloud", scope: "lt", trust: 1, vendor: "apple", version: "11.3", }, { model: "ubuntu linux", scope: "eq", trust: 1, vendor: "canonical", version: "16.04", }, { model: "ubuntu linux", scope: "eq", trust: 1, vendor: "canonical", version: "20.04", }, { model: "mac os x", scope: "gte", trust: 1, vendor: "apple", version: "10.13.0", }, { model: "ubuntu linux", scope: "eq", trust: 1, vendor: "canonical", version: "18.04", }, { model: "iphone os", scope: "lt", trust: 1, vendor: "apple", version: "13.6", }, { model: "icloud", scope: "gte", trust: 1, vendor: "apple", version: "10.0", }, { model: "mac os x", scope: "eq", trust: 1, vendor: "apple", version: "10.14.6", }, { model: "mac os x", scope: "lt", trust: 1, vendor: "apple", version: "10.15.6", }, { model: "ubuntu linux", scope: "eq", trust: 1, vendor: "canonical", version: "19.10", }, { model: "mac os x", scope: "lt", trust: 1, vendor: "apple", version: "10.13.6", }, { model: "tvos", scope: "lt", trust: 1, vendor: "apple", version: "13.4.8", }, { model: "openexr", scope: "eq", trust: 0.8, vendor: "openexr", version: "2.4.1", }, { model: "openexr", scope: "eq", trust: 0.1, vendor: "openexr", version: "1.0.4", }, { model: "openexr", scope: "eq", trust: 0.1, vendor: "openexr", version: "1.0.7", }, { model: "openexr", scope: "eq", trust: 0.1, vendor: "openexr", version: "1.1.0", }, { model: "openexr", scope: "eq", trust: 0.1, vendor: "openexr", version: "1.1.1", }, { model: "openexr", scope: "eq", trust: 0.1, vendor: "openexr", version: "1.2.1", }, { model: "openexr", scope: "eq", trust: 0.1, vendor: "openexr", version: "1.2.2", }, { model: "openexr", scope: "eq", trust: 0.1, vendor: "openexr", version: "1.3.0", }, { model: "openexr", scope: "eq", trust: 0.1, vendor: "openexr", version: "1.3.1", }, { model: "openexr", scope: "eq", trust: 0.1, vendor: "openexr", version: "1.3.2", }, { model: "openexr", scope: "eq", trust: 0.1, vendor: "openexr", version: "1.4.0", }, { model: "openexr", scope: "eq", trust: 0.1, vendor: "openexr", version: "1.7.0", }, { model: "openexr", scope: "eq", trust: 0.1, vendor: "openexr", version: "1.7.1", }, { model: "openexr", scope: "eq", trust: 0.1, vendor: "openexr", version: "2.0.0", }, { model: "openexr", scope: "eq", trust: 0.1, vendor: "openexr", version: "2.0.1", }, { model: "openexr", scope: "eq", trust: 0.1, vendor: "openexr", version: "2.1.0", }, { model: "openexr", scope: "eq", trust: 0.1, vendor: "openexr", version: "2.2.0", }, { model: "openexr", scope: "eq", trust: 0.1, vendor: "openexr", version: "2.2.1", }, { model: "openexr", scope: "eq", trust: 0.1, vendor: "openexr", version: "2.3.0", }, { model: "openexr", scope: "eq", trust: 0.1, vendor: "openexr", version: "2.4.0", }, ], sources: [ { db: "VULMON", id: "CVE-2020-11760", }, { db: "JVNDB", id: "JVNDB-2020-004070", }, { db: "NVD", id: "CVE-2020-11760", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.4.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.15.6", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "13.4.8", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "13.6", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", cpe_name: [], versionEndExcluding: "7.20", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*", cpe_name: [], versionEndExcluding: "12.10.8", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "6.2.8", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", cpe_name: [], versionEndExcluding: "11.3", versionStartIncluding: "10.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "13.6", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.13.6", versionStartIncluding: "10.13.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.14.6", versionStartIncluding: "10.14.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-003:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-11760", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Gentoo", sources: [ { db: "PACKETSTORM", id: "163465", }, ], trust: 0.1, }, cve: "CVE-2020-11760", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 4.3, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2020-004070", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "VHN-164371", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULMON", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CVE-2020-11760", impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "MEDIUM", trust: 0.1, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 1.8, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 5.5, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2020-004070", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-11760", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2020-004070", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202004-948", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202104-975", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-164371", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2020-11760", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-164371", }, { db: "VULMON", id: "CVE-2020-11760", }, { db: "JVNDB", id: "JVNDB-2020-004070", }, { db: "NVD", id: "CVE-2020-11760", }, { db: "CNNVD", id: "CNNVD-202004-948", }, { db: "CNNVD", id: "CNNVD-202104-975", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp. OpenEXR Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A buffer error vulnerability exists in the 'rleUncompress' function of the ImfRle.cpp file in versions prior to LIM OpenEXR 2.4.1. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202107-27\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenEXR: Multiple vulnerabilities\n Date: July 11, 2021\n Bugs: #717474, #746794, #762862, #770229, #776808\n ID: 202107-27\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenEXR, the worst of which\ncould result in the arbitrary execution of code. \n\nBackground\n==========\n\nOpenEXR is a high dynamic-range (HDR) image file format developed by\nIndustrial Light & Magic for use in computer imaging applications. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 media-libs/openexr < 2.5.6 >= 2.5.6 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenEXR. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenEXR users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/openexr-2.5.6\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-11758\n https://nvd.nist.gov/vuln/detail/CVE-2020-11758\n[ 2 ] CVE-2020-11759\n https://nvd.nist.gov/vuln/detail/CVE-2020-11759\n[ 3 ] CVE-2020-11760\n https://nvd.nist.gov/vuln/detail/CVE-2020-11760\n[ 4 ] CVE-2020-11761\n https://nvd.nist.gov/vuln/detail/CVE-2020-11761\n[ 5 ] CVE-2020-11762\n https://nvd.nist.gov/vuln/detail/CVE-2020-11762\n[ 6 ] CVE-2020-11763\n https://nvd.nist.gov/vuln/detail/CVE-2020-11763\n[ 7 ] CVE-2020-11764\n https://nvd.nist.gov/vuln/detail/CVE-2020-11764\n[ 8 ] CVE-2020-11765\n https://nvd.nist.gov/vuln/detail/CVE-2020-11765\n[ 9 ] CVE-2020-15304\n https://nvd.nist.gov/vuln/detail/CVE-2020-15304\n[ 10 ] CVE-2020-15305\n https://nvd.nist.gov/vuln/detail/CVE-2020-15305\n[ 11 ] CVE-2020-15306\n https://nvd.nist.gov/vuln/detail/CVE-2020-15306\n[ 12 ] CVE-2021-20296\n https://nvd.nist.gov/vuln/detail/CVE-2021-20296\n[ 13 ] CVE-2021-3474\n https://nvd.nist.gov/vuln/detail/CVE-2021-3474\n[ 14 ] CVE-2021-3475\n https://nvd.nist.gov/vuln/detail/CVE-2021-3475\n[ 15 ] CVE-2021-3476\n https://nvd.nist.gov/vuln/detail/CVE-2021-3476\n[ 16 ] CVE-2021-3477\n https://nvd.nist.gov/vuln/detail/CVE-2021-3477\n[ 17 ] CVE-2021-3478\n https://nvd.nist.gov/vuln/detail/CVE-2021-3478\n[ 18 ] CVE-2021-3479\n https://nvd.nist.gov/vuln/detail/CVE-2021-3479\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202107-27\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.2.1-4.1+deb10u1. \n\nWe recommend that you upgrade your openexr packages. \n\nFor the detailed security status of openexr please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openexr\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9KkM8ACgkQEMKTtsN8\nTjYiCxAAqny8A+WbtYBonQ42ciQ2Hc1f90CI6l1Gp/ZK7RARL7+cLOHTh+hEniIG\nG6cwDGAwAgOtNPer+bT8Mwx6gF8bTii3nF5MMhiN22L7buzHruxsqpC+g94MeZHW\nvn6GpkTCPSHW5m4+O3pwrYDK3lr5ucNwPVegcXqtJuG0SrhY9VyTrtmzwtoP0YVx\nANOpJhCLNEU5vIdEpzIfdjAoM6nsGG/FDN5sP2B9sEB69s7dQXAX5ksuu4Rg71bo\nW7OjAWB+1MIuFT2blax4Z0qD9Nuiy252AM9MAzMmdBPsFnix0/E2lmyd2OGknUkY\nl+sq61TR7pA7AVbtLpLBy2fKFS/Jj1KTFI6J+GmZiOBGAzHrWevjyclYBRI0exVg\nzKnI2IdO9f0qdeTiZhtAcSEV8hb1mSoo0fPRM0ZGxdMV0MTNeOmj+doTTw+SlSJK\n3iyKUDgRy60JjQMq8gBaPSRl6tuTjEdFzbJLsFPvZVY5vQsy4KIuh024RrEjri0c\nR2oLvboIS2xddK+T/9NPc15vruZiUut0j/3EsBqbDn3hBXMpQb0NFv0kuC+uvmwZ\nUgxRA32shnjcUES8+TBqeB+cvMnukTlOfqQEY2VNhG//45gcQH6rEcf45W07XTGD\ndjd3v06+rkeUhfuZHL9OAOj2BowTrp9CRooWT1dufPPUkL1aoUY=\n=FDcC\n-----END PGP SIGNATURE-----\n", sources: [ { db: "NVD", id: "CVE-2020-11760", }, { db: "JVNDB", id: "JVNDB-2020-004070", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "VULHUB", id: "VHN-164371", }, { db: "VULMON", id: "CVE-2020-11760", }, { db: "PACKETSTORM", id: "163465", }, { db: "PACKETSTORM", id: "168903", }, ], trust: 2.52, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-11760", trust: 2.8, }, { db: "PACKETSTORM", id: "163465", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2020-004070", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202004-948", trust: 0.7, }, { db: "CS-HELP", id: "SB2021071101", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.1816", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.2985", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.1448", trust: 0.6, }, { db: "NSFOCUS", id: "50013", trust: 0.6, }, { db: "CS-HELP", id: "SB2021041363", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202104-975", trust: 0.6, }, { db: "CNVD", id: "CNVD-2020-24153", trust: 0.1, }, { db: "VULHUB", id: "VHN-164371", trust: 0.1, }, { db: "VULMON", id: "CVE-2020-11760", trust: 0.1, }, { db: "PACKETSTORM", id: "168903", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-164371", }, { db: "VULMON", id: "CVE-2020-11760", }, { db: "JVNDB", id: "JVNDB-2020-004070", }, { db: "PACKETSTORM", id: "163465", }, { db: "PACKETSTORM", id: "168903", }, { db: "NVD", id: "CVE-2020-11760", }, { db: "CNNVD", id: "CNNVD-202004-948", }, { db: "CNNVD", id: "CNNVD-202104-975", }, ], }, id: "VAR-202004-0470", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-164371", }, ], trust: 0.01, }, last_update_date: "2023-12-18T10:57:16.076000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "OpenEXR Release Notes", trust: 0.8, url: "https://github.com/academysoftwarefoundation/openexr/blob/master/changes.md#version-241-february-11-2020", }, { title: "AcademySoftwareFoundation/openexr", trust: 0.8, url: "https://github.com/academysoftwarefoundation/openexr/releases/tag/v2.4.1", }, { title: "Industrial Light and Magic OpenEXR Buffer error vulnerability fix", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=116437", }, { title: "Debian CVElist Bug Report Logs: openexr: CVE-2020-11758 CVE-2020-11759 CVE-2020-11760 CVE-2020-11761 CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=c611c9f78ad3458919de1d9728e6b32b", }, { title: "Ubuntu Security Notice: openexr vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-4339-1", }, ], sources: [ { db: "VULMON", id: "CVE-2020-11760", }, { db: "JVNDB", id: "JVNDB-2020-004070", }, { db: "CNNVD", id: "CNNVD-202004-948", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-125", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-164371", }, { db: "JVNDB", id: "JVNDB-2020-004070", }, { db: "NVD", id: "CVE-2020-11760", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.9, url: "https://usn.ubuntu.com/4339-1/", }, { trust: 1.8, url: "https://security.gentoo.org/glsa/202107-27", }, { trust: 1.8, url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987", }, { trust: 1.8, url: "https://github.com/academysoftwarefoundation/openexr/blob/master/changes.md#version-241-february-11-2020", }, { trust: 1.8, url: "https://github.com/academysoftwarefoundation/openexr/releases/tag/v2.4.1", }, { trust: 1.7, url: "https://support.apple.com/kb/ht211288", }, { trust: 1.7, url: "https://support.apple.com/kb/ht211289", }, { trust: 1.7, url: "https://support.apple.com/kb/ht211290", }, { trust: 1.7, url: "https://support.apple.com/kb/ht211291", }, { trust: 1.7, url: "https://support.apple.com/kb/ht211293", }, { trust: 1.7, url: "https://support.apple.com/kb/ht211294", }, { trust: 1.7, url: "https://support.apple.com/kb/ht211295", }, { trust: 1.7, url: "https://www.debian.org/security/2020/dsa-4755", }, { trust: 1.7, url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html", }, { trust: 1.7, url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html", }, { trust: 1.6, url: "https://nvd.nist.gov/vuln/detail/cve-2020-11760", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/f4kfgdqg5pvyau7ts5mz7xcs6empvii3/", }, { trust: 0.8, url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/f4kfgdqg5pvyau7ts5mz7xcs6empvii3/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11760", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.2985/", }, { trust: 0.6, url: "https://support.apple.com/en-us/ht211291", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.1448/", }, { trust: 0.6, url: "https://support.apple.com/en-us/ht211295", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.1816/", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/163465/gentoo-linux-security-advisory-202107-27.html", }, { trust: 0.6, url: "http://www.nsfocus.net/vulndb/50013", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/openexr-multiple-vulnerabilities-32108", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021071101", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021041363", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-11761", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-15305", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-11765", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-11763", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-11758", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-15306", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-11762", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-11764", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-11759", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/125.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-3476", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-3478", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-20296", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-3479", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-15304", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-3474", }, { trust: 0.1, url: "https://security.gentoo.org/", }, { trust: 0.1, url: "https://creativecommons.org/licenses/by-sa/2.5", }, { trust: 0.1, url: "https://bugs.gentoo.org.", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-3475", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-3477", }, { trust: 0.1, url: "https://security-tracker.debian.org/tracker/openexr", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-9115", }, { trust: 0.1, url: "https://www.debian.org/security/faq", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-9113", }, { trust: 0.1, url: "https://www.debian.org/security/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-9111", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-9114", }, ], sources: [ { db: "VULHUB", id: "VHN-164371", }, { db: "VULMON", id: "CVE-2020-11760", }, { db: "JVNDB", id: "JVNDB-2020-004070", }, { db: "PACKETSTORM", id: "163465", }, { db: "PACKETSTORM", id: "168903", }, { db: "NVD", id: "CVE-2020-11760", }, { db: "CNNVD", id: "CNNVD-202004-948", }, { db: "CNNVD", id: "CNNVD-202104-975", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-164371", }, { db: "VULMON", id: "CVE-2020-11760", }, { db: "JVNDB", id: "JVNDB-2020-004070", }, { db: "PACKETSTORM", id: "163465", }, { db: "PACKETSTORM", id: "168903", }, { db: "NVD", id: "CVE-2020-11760", }, { db: "CNNVD", id: "CNNVD-202004-948", }, { db: "CNNVD", id: "CNNVD-202104-975", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-04-14T00:00:00", db: "VULHUB", id: "VHN-164371", }, { date: "2020-04-14T00:00:00", db: "VULMON", id: "CVE-2020-11760", }, { date: "2020-05-07T00:00:00", db: "JVNDB", id: "JVNDB-2020-004070", }, { date: "2021-07-12T15:22:22", db: "PACKETSTORM", id: "163465", }, { date: "2020-08-28T19:12:00", db: "PACKETSTORM", id: "168903", }, { date: "2020-04-14T23:15:12.277000", db: "NVD", id: "CVE-2020-11760", }, { date: "2020-04-14T00:00:00", db: "CNNVD", id: "CNNVD-202004-948", }, { date: "2021-04-13T00:00:00", db: "CNNVD", id: "CNNVD-202104-975", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-01-09T00:00:00", db: "VULHUB", id: "VHN-164371", }, { date: "2020-09-09T00:00:00", db: "VULMON", id: "CVE-2020-11760", }, { date: "2020-05-07T00:00:00", db: "JVNDB", id: "JVNDB-2020-004070", }, { date: "2023-11-07T03:15:06.460000", db: "NVD", id: "CVE-2020-11760", }, { date: "2022-11-17T00:00:00", db: "CNNVD", id: "CNNVD-202004-948", }, { date: "2021-04-14T00:00:00", db: "CNNVD", id: "CNNVD-202104-975", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202004-948", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OpenEXR Out-of-bounds read vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2020-004070", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-948", }, ], trust: 0.6, }, }
fkie_cve-2020-11760
Vulnerability from fkie_nvd
Published
2020-04-14 23:15
Modified
2024-11-21 04:58
Severity ?
Summary
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openexr | openexr | * | |
| fedoraproject | fedora | 32 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.10 | |
| canonical | ubuntu_linux | 20.04 | |
| opensuse | leap | 15.1 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| apple | icloud | * | |
| apple | icloud | * | |
| apple | itunes | * | |
| apple | ipados | * | |
| apple | iphone_os | * | |
| apple | mac_os_x | * | |
| apple | mac_os_x | * | |
| apple | mac_os_x | * | |
| apple | mac_os_x | 10.13.6 | |
| apple | mac_os_x | 10.13.6 | |
| apple | mac_os_x | 10.13.6 | |
| apple | mac_os_x | 10.13.6 | |
| apple | mac_os_x | 10.13.6 | |
| apple | mac_os_x | 10.13.6 | |
| apple | mac_os_x | 10.13.6 | |
| apple | mac_os_x | 10.13.6 | |
| apple | mac_os_x | 10.13.6 | |
| apple | mac_os_x | 10.13.6 | |
| apple | mac_os_x | 10.13.6 | |
| apple | mac_os_x | 10.13.6 | |
| apple | mac_os_x | 10.13.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | mac_os_x | 10.14.6 | |
| apple | tvos | * | |
| apple | watchos | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*", matchCriteriaId: "57A8F73B-345B-48BD-8D9B-92AD24033265", versionEndExcluding: "2.4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", matchCriteriaId: "5B3BB46F-F586-4A2B-91C6-4D3AA226B478", versionEndExcluding: "7.20", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", matchCriteriaId: "5DBDFC69-1F0F-40E9-833E-FBFB92DF0541", versionEndExcluding: "11.3", versionStartIncluding: "10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*", matchCriteriaId: "B626717E-0DED-4C76-B92D-D58AB27EED01", versionEndExcluding: "12.10.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "87D68071-5235-4B50-90F0-B55B0C668840", versionEndExcluding: "13.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "0639A5DE-4A59-4F10-A0E7-F6B933E44D47", versionEndExcluding: "13.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "FD0ACF42-C643-4DED-ADF7-4FA29B7578F7", versionEndExcluding: "10.15.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "2DA1C24E-B74D-4C8C-931D-AE35BFB4F0CC", versionEndExcluding: "10.13.6", versionStartIncluding: "10.13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "3E76BECE-0843-4B9F-90DE-7690764701B0", versionEndExcluding: "10.14.6", versionStartIncluding: "10.14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*", matchCriteriaId: "297D2D0C-EA9D-4B2C-9357-D88DB6C7143A", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*", matchCriteriaId: "0D845143-1B4D-478B-B83E-8F1664CBCAC3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*", matchCriteriaId: "23C6DF6A-9A30-4F9E-BD9C-C19D8551C6DA", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*", matchCriteriaId: "754A2DF4-8724-4448-A2AB-AC5442029CB7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*", matchCriteriaId: "D392C777-1949-4920-B459-D083228E4688", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*", matchCriteriaId: "68B0A232-F2A4-4B87-99EB-3A532DFA87DA", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*", matchCriteriaId: "0DF528F7-0F1E-4E55-A088-91327E3C360C", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*", matchCriteriaId: "E222445A-D398-47C8-9639-4BAE36B69AA1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*", matchCriteriaId: "9425DAC8-038D-4B09-A074-3780AED912FA", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*", matchCriteriaId: "8EA63C1C-1EEC-4961-A7B7-439D21293B99", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*", matchCriteriaId: "B2F5D631-2306-4526-BEE5-22456D95ABAB", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*", matchCriteriaId: "F79B7361-F2F2-4FA6-A27D-CC8F2D37A726", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-003:*:*:*:*:*:*", matchCriteriaId: "09FA5087-C576-483F-B660-F9D155933CC8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*", matchCriteriaId: "693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*", matchCriteriaId: "CFE26ECC-A2C2-4501-9950-510DE0E1BD86", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*", matchCriteriaId: "26108BEF-0847-4AB0-BD98-35344DFA7835", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*", matchCriteriaId: "A369D48B-6A0A-47AE-9513-D5E2E6F30931", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*", matchCriteriaId: "510F8317-94DA-498E-927A-83D5F41AF54A", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*", matchCriteriaId: "0D5D1970-6D2A-42CA-A203-42023D71730D", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*", matchCriteriaId: "C68AE52B-5139-40A4-AE9A-E752DBF07D1B", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*", matchCriteriaId: "0FD3467D-7679-479F-9C0B-A93F7CD0929D", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*", matchCriteriaId: "D4C6098E-EDBD-4A85-8282-B2E9D9333872", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*", matchCriteriaId: "518BB47B-DD76-4E8C-9F10-7EBC1E146191", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "888463CA-9C67-46B2-B197-DDD3A668F980", versionEndExcluding: "13.4.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "494FA012-A268-42FC-B023-2A10817B1096", versionEndExcluding: "6.2.8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.", }, { lang: "es", value: "Se detectó un problema en OpenEXR versiones anteriores a 2.4.1. Se presenta una lectura fuera de límites durante una descompresión RLE en la función rleUncompress en el archivo ImfRle.cpp.", }, ], id: "CVE-2020-11760", lastModified: "2024-11-21T04:58:32.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-14T23:15:12.277", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-27", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211288", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211289", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211290", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211291", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211293", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211294", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211295", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4339-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4755", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-27", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211288", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211289", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211290", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211291", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211293", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211294", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211295", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4339-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4755", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
opensuse-su-2020:0682-1
Vulnerability from csaf_opensuse
Published
2020-05-22 16:17
Modified
2020-05-22 16:17
Summary
Security update for openexr
Notes
Title of the patch
Security update for openexr
Description of the patch
This update for openexr provides the following fix:
Security issues fixed:
- CVE-2020-11765: Fixed an off-by-one error in use of the ImfXdr.h read function by DwaCompressor:Classifier:Classifier (bsc#1169575).
- CVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp (bsc#1169574).
- CVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp (bsc#1169576).
- CVE-2020-11762: Fixed an out-of-bounds read and write in DwaCompressor:uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case (bsc#1169549).
- CVE-2020-11761: Fixed an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder:refill in ImfFastHuf.cpp (bsc#1169578).
- CVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp (bsc#1169580).
- CVE-2020-11758: Fixed an out-of-bounds read in ImfOptimizedPixelReading.h (bsc#1169573).
Non-security issue fixed:
- Enable tests when building the package on x86_64. (bsc#1146648)
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2020-682
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for openexr", title: "Title of the patch", }, { category: "description", text: "This update for openexr provides the following fix:\n\nSecurity issues fixed:\n\n- CVE-2020-11765: Fixed an off-by-one error in use of the ImfXdr.h read function by DwaCompressor:Classifier:Classifier (bsc#1169575).\n- CVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp (bsc#1169574).\n- CVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp (bsc#1169576).\n- CVE-2020-11762: Fixed an out-of-bounds read and write in DwaCompressor:uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case (bsc#1169549).\n- CVE-2020-11761: Fixed an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder:refill in ImfFastHuf.cpp (bsc#1169578).\n- CVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp (bsc#1169580).\n- CVE-2020-11758: Fixed an out-of-bounds read in ImfOptimizedPixelReading.h (bsc#1169573).\n\nNon-security issue fixed:\n\n- Enable tests when building the package on x86_64. (bsc#1146648)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", title: "Description of the patch", }, { category: "details", text: "openSUSE-2020-682", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0682-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2020:0682-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UPIMHT3QWHTJ2S55J25KV3UTF3KXVI46/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2020:0682-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UPIMHT3QWHTJ2S55J25KV3UTF3KXVI46/", }, { category: "self", summary: "SUSE Bug 1146648", url: "https://bugzilla.suse.com/1146648", }, { category: "self", summary: "SUSE Bug 1169549", url: "https://bugzilla.suse.com/1169549", }, { category: "self", summary: "SUSE Bug 1169573", url: "https://bugzilla.suse.com/1169573", }, { category: "self", summary: "SUSE Bug 1169574", url: "https://bugzilla.suse.com/1169574", }, { category: "self", summary: "SUSE Bug 1169575", url: "https://bugzilla.suse.com/1169575", }, { category: "self", summary: "SUSE Bug 1169576", url: "https://bugzilla.suse.com/1169576", }, { category: "self", summary: "SUSE Bug 1169578", url: "https://bugzilla.suse.com/1169578", }, { category: "self", summary: "SUSE Bug 1169580", url: "https://bugzilla.suse.com/1169580", }, { category: "self", summary: "SUSE CVE CVE-2020-11758 page", url: "https://www.suse.com/security/cve/CVE-2020-11758/", }, { category: "self", summary: "SUSE CVE CVE-2020-11760 page", url: "https://www.suse.com/security/cve/CVE-2020-11760/", }, { category: "self", summary: "SUSE CVE CVE-2020-11761 page", url: "https://www.suse.com/security/cve/CVE-2020-11761/", }, { category: "self", summary: "SUSE CVE CVE-2020-11762 page", url: "https://www.suse.com/security/cve/CVE-2020-11762/", }, { category: "self", summary: "SUSE CVE CVE-2020-11763 page", url: "https://www.suse.com/security/cve/CVE-2020-11763/", }, { category: "self", summary: "SUSE CVE CVE-2020-11764 page", url: "https://www.suse.com/security/cve/CVE-2020-11764/", }, { category: "self", summary: "SUSE CVE CVE-2020-11765 page", url: "https://www.suse.com/security/cve/CVE-2020-11765/", }, ], title: "Security update for openexr", tracking: { current_release_date: "2020-05-22T16:17:13Z", generator: { date: "2020-05-22T16:17:13Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2020:0682-1", initial_release_date: "2020-05-22T16:17:13Z", revision_history: [ { date: "2020-05-22T16:17:13Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586", product: { name: "libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586", product_id: "libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586", }, }, { category: "product_version", name: "libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586", product: { name: "libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586", product_id: "libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586", }, }, { category: "product_version", name: "openexr-2.2.1-lp151.4.9.1.i586", product: { name: "openexr-2.2.1-lp151.4.9.1.i586", product_id: "openexr-2.2.1-lp151.4.9.1.i586", }, }, { category: "product_version", name: "openexr-devel-2.2.1-lp151.4.9.1.i586", product: { name: "openexr-devel-2.2.1-lp151.4.9.1.i586", product_id: "openexr-devel-2.2.1-lp151.4.9.1.i586", }, }, { category: "product_version", name: "openexr-doc-2.2.1-lp151.4.9.1.i586", product: { name: "openexr-doc-2.2.1-lp151.4.9.1.i586", product_id: "openexr-doc-2.2.1-lp151.4.9.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64", product: { name: "libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64", product_id: "libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64", }, }, { category: "product_version", name: "libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", product: { name: "libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", product_id: "libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", }, }, { category: "product_version", name: "libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64", product: { name: "libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64", product_id: "libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64", }, }, { category: "product_version", name: "libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", product: { name: "libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", product_id: "libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", }, }, { category: "product_version", name: "openexr-2.2.1-lp151.4.9.1.x86_64", product: { name: "openexr-2.2.1-lp151.4.9.1.x86_64", product_id: "openexr-2.2.1-lp151.4.9.1.x86_64", }, }, { category: "product_version", name: "openexr-devel-2.2.1-lp151.4.9.1.x86_64", product: { name: "openexr-devel-2.2.1-lp151.4.9.1.x86_64", product_id: "openexr-devel-2.2.1-lp151.4.9.1.x86_64", }, }, { category: "product_version", name: "openexr-doc-2.2.1-lp151.4.9.1.x86_64", product: { name: "openexr-doc-2.2.1-lp151.4.9.1.x86_64", product_id: "openexr-doc-2.2.1-lp151.4.9.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.1", product: { name: "openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586", }, product_reference: "libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64", }, product_reference: "libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", }, product_reference: "libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586", }, product_reference: "libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64", }, product_reference: "libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", }, product_reference: "libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "openexr-2.2.1-lp151.4.9.1.i586 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.i586", }, product_reference: "openexr-2.2.1-lp151.4.9.1.i586", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "openexr-2.2.1-lp151.4.9.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.x86_64", }, product_reference: "openexr-2.2.1-lp151.4.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "openexr-devel-2.2.1-lp151.4.9.1.i586 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.i586", }, product_reference: "openexr-devel-2.2.1-lp151.4.9.1.i586", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "openexr-devel-2.2.1-lp151.4.9.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.x86_64", }, product_reference: "openexr-devel-2.2.1-lp151.4.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "openexr-doc-2.2.1-lp151.4.9.1.i586 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.i586", }, product_reference: "openexr-doc-2.2.1-lp151.4.9.1.i586", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "openexr-doc-2.2.1-lp151.4.9.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.x86_64", }, product_reference: "openexr-doc-2.2.1-lp151.4.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, ], }, vulnerabilities: [ { cve: "CVE-2020-11758", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-11758", }, ], notes: [ { category: "general", text: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-11758", url: "https://www.suse.com/security/cve/CVE-2020-11758", }, { category: "external", summary: "SUSE Bug 1169549 for CVE-2020-11758", url: "https://bugzilla.suse.com/1169549", }, { category: "external", summary: "SUSE Bug 1169573 for CVE-2020-11758", url: "https://bugzilla.suse.com/1169573", }, { category: "external", summary: "SUSE Bug 1169574 for CVE-2020-11758", url: "https://bugzilla.suse.com/1169574", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-22T16:17:13Z", details: "low", }, ], title: "CVE-2020-11758", }, { cve: "CVE-2020-11760", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-11760", }, ], notes: [ { category: "general", text: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-11760", url: "https://www.suse.com/security/cve/CVE-2020-11760", }, { category: "external", summary: "SUSE Bug 1169580 for CVE-2020-11760", url: "https://bugzilla.suse.com/1169580", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-22T16:17:13Z", details: "low", }, ], title: "CVE-2020-11760", }, { cve: "CVE-2020-11761", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-11761", }, ], notes: [ { category: "general", text: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-11761", url: "https://www.suse.com/security/cve/CVE-2020-11761", }, { category: "external", summary: "SUSE Bug 1169578 for CVE-2020-11761", url: "https://bugzilla.suse.com/1169578", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-22T16:17:13Z", details: "low", }, ], title: "CVE-2020-11761", }, { cve: "CVE-2020-11762", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-11762", }, ], notes: [ { category: "general", text: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-11762", url: "https://www.suse.com/security/cve/CVE-2020-11762", }, { category: "external", summary: "SUSE Bug 1169549 for CVE-2020-11762", url: "https://bugzilla.suse.com/1169549", }, { category: "external", summary: "SUSE Bug 1169573 for CVE-2020-11762", url: "https://bugzilla.suse.com/1169573", }, { category: "external", summary: "SUSE Bug 1169574 for CVE-2020-11762", url: "https://bugzilla.suse.com/1169574", }, { category: "external", summary: "SUSE Bug 1169575 for CVE-2020-11762", url: "https://bugzilla.suse.com/1169575", }, { category: "external", summary: "SUSE Bug 1169576 for CVE-2020-11762", url: "https://bugzilla.suse.com/1169576", }, { category: "external", summary: "SUSE Bug 1169578 for CVE-2020-11762", url: "https://bugzilla.suse.com/1169578", }, { category: "external", summary: "SUSE Bug 1169579 for CVE-2020-11762", url: "https://bugzilla.suse.com/1169579", }, { category: "external", summary: "SUSE Bug 1169580 for CVE-2020-11762", url: "https://bugzilla.suse.com/1169580", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-22T16:17:13Z", details: "moderate", }, ], title: "CVE-2020-11762", }, { cve: "CVE-2020-11763", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-11763", }, ], notes: [ { category: "general", text: "An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-11763", url: "https://www.suse.com/security/cve/CVE-2020-11763", }, { category: "external", summary: "SUSE Bug 1169576 for CVE-2020-11763", url: "https://bugzilla.suse.com/1169576", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-22T16:17:13Z", details: "low", }, ], title: "CVE-2020-11763", }, { cve: "CVE-2020-11764", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-11764", }, ], notes: [ { category: "general", text: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-11764", url: "https://www.suse.com/security/cve/CVE-2020-11764", }, { category: "external", summary: "SUSE Bug 1169574 for CVE-2020-11764", url: "https://bugzilla.suse.com/1169574", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-22T16:17:13Z", details: "low", }, ], title: "CVE-2020-11764", }, { cve: "CVE-2020-11765", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-11765", }, ], notes: [ { category: "general", text: "An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-11765", url: "https://www.suse.com/security/cve/CVE-2020-11765", }, { category: "external", summary: "SUSE Bug 1169575 for CVE-2020-11765", url: "https://bugzilla.suse.com/1169575", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImf-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImf-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-devel-2.2.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.i586", "openSUSE Leap 15.1:openexr-doc-2.2.1-lp151.4.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-22T16:17:13Z", details: "low", }, ], title: "CVE-2020-11765", }, ], }
gsd-2020-11760
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.
Aliases
Aliases
{ GSD: { alias: "CVE-2020-11760", description: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.", id: "GSD-2020-11760", references: [ "https://www.suse.com/security/cve/CVE-2020-11760.html", "https://www.debian.org/security/2020/dsa-4755", "https://ubuntu.com/security/CVE-2020-11760", "https://advisories.mageia.org/CVE-2020-11760.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2020-11760", ], details: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.", id: "GSD-2020-11760", modified: "2023-12-13T01:22:07.211263Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-11760", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1", refsource: "MISC", url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1", }, { name: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020", refsource: "MISC", url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020", }, { name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987", refsource: "MISC", url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987", }, { name: "USN-4339-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4339-1/", }, { name: "FEDORA-2020-e244f22a51", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/", }, { name: "openSUSE-SU-2020:0682", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html", }, { name: "https://support.apple.com/kb/HT211288", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211288", }, { name: "https://support.apple.com/kb/HT211290", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211290", }, { name: "https://support.apple.com/kb/HT211289", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211289", }, { name: "https://support.apple.com/kb/HT211291", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211291", }, { name: "https://support.apple.com/kb/HT211293", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211293", }, { name: "https://support.apple.com/kb/HT211295", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211295", }, { name: "https://support.apple.com/kb/HT211294", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211294", }, { name: "DSA-4755", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4755", }, { name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html", }, { name: "GLSA-202107-27", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-27", }, ], }, }, "gitlab.com": { advisories: [ { affected_range: "<2.4.1", affected_versions: "All versions before 2.4.1", cvss_v2: "AV:N/AC:M/Au:N/C:N/I:N/A:P", cvss_v3: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", cwe_ids: [ "CWE-1035", "CWE-125", "CWE-937", ], date: "2021-07-11", description: "There is an out-of-bounds read during RLE uncompression in `rleUncompress` in `ImfRle.cpp`.", fixed_versions: [ "2.5.2", ], identifier: "CVE-2020-11760", identifiers: [ "CVE-2020-11760", ], not_impacted: "All versions starting from 2.4.1", package_slug: "conan/openexr", pubdate: "2020-04-14", solution: "Upgrade to version 2.5.2 or above.", title: "Out-of-bounds Read", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-11760", ], uuid: "82b4edfc-64b7-4089-a491-9609c9bc5d9b", }, ], }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.4.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.15.6", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "13.4.8", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "13.6", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", cpe_name: [], versionEndExcluding: "7.20", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*", cpe_name: [], versionEndExcluding: "12.10.8", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "6.2.8", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", cpe_name: [], versionEndExcluding: "11.3", versionStartIncluding: "10.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "13.6", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.13.6", versionStartIncluding: "10.13.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.14.6", versionStartIncluding: "10.14.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-003:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-11760", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-125", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1", refsource: "MISC", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1", }, { name: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020", refsource: "MISC", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020", }, { name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987", refsource: "MISC", tags: [ "Exploit", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987", }, { name: "USN-4339-1", refsource: "UBUNTU", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4339-1/", }, { name: "FEDORA-2020-e244f22a51", refsource: "FEDORA", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/", }, { name: "openSUSE-SU-2020:0682", refsource: "SUSE", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html", }, { name: "DSA-4755", refsource: "DEBIAN", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4755", }, { name: "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update", refsource: "MLIST", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html", }, { name: "https://support.apple.com/kb/HT211293", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211293", }, { name: "https://support.apple.com/kb/HT211290", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211290", }, { name: "https://support.apple.com/kb/HT211291", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211291", }, { name: "https://support.apple.com/kb/HT211288", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211288", }, { name: "https://support.apple.com/kb/HT211289", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211289", }, { name: "https://support.apple.com/kb/HT211295", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211295", }, { name: "https://support.apple.com/kb/HT211294", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211294", }, { name: "GLSA-202107-27", refsource: "GENTOO", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-27", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: true, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, }, }, lastModifiedDate: "2023-01-09T16:41Z", publishedDate: "2020-04-14T23:15Z", }, }, }
ghsa-hjj6-gq2r-v84q
Vulnerability from github
Published
2022-05-24 17:14
Modified
2022-11-15 12:00
Severity ?
Details
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.
{ affected: [], aliases: [ "CVE-2020-11760", ], database_specific: { cwe_ids: [ "CWE-125", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2020-04-14T23:15:00Z", severity: "MODERATE", }, details: "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.", id: "GHSA-hjj6-gq2r-v84q", modified: "2022-11-15T12:00:18Z", published: "2022-05-24T17:14:41Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11760", }, { type: "WEB", url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987", }, { type: "WEB", url: "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020", }, { type: "WEB", url: "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1", }, { type: "WEB", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3", }, { type: "WEB", url: "https://security.gentoo.org/glsa/202107-27", }, { type: "WEB", url: "https://support.apple.com/kb/HT211288", }, { type: "WEB", url: "https://support.apple.com/kb/HT211289", }, { type: "WEB", url: "https://support.apple.com/kb/HT211290", }, { type: "WEB", url: "https://support.apple.com/kb/HT211291", }, { type: "WEB", url: "https://support.apple.com/kb/HT211293", }, { type: "WEB", url: "https://support.apple.com/kb/HT211294", }, { type: "WEB", url: "https://support.apple.com/kb/HT211295", }, { type: "WEB", url: "https://usn.ubuntu.com/4339-1", }, { type: "WEB", url: "https://www.debian.org/security/2020/dsa-4755", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", type: "CVSS_V3", }, ], }
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.