PT-2017-13805 · Industrial Light & Magic+3 · Openexr+3

Publicado

2017-10-02

Atualizado

2024-08-05

CVE-2017-14988

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions OpenEXR version 2.2.0

Description The issue allows remote attackers to cause a denial of service due to excessive memory allocation via a crafted file accessed with the ImfOpenInputFile function. However, the maintainer and multiple third parties believe this issue is not valid.

Recommendations For OpenEXR version 2.2.0, at the moment, there is no information about a newer version that contains a fix for this issue.

Correção

DoS

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400

Identificadores relacionados

ALT-PU-2019-2753

ALT-PU-2019-2754

ALT-PU-2019-2756

ALT-PU-2019-2757

AZL-45117

CVE-2017-14988

ECHO-0B54-ECED-403B

MGASA-2019-0373

OPENSUSE-SU-2019:1954-1

OPENSUSE-SU-2019_1954-1

OPENSUSE-SU-2024:11117-1

SUSE-SU-2019:2014-1

SUSE-SU-2019:2043-1

SUSE-SU-2019_2014-1

SUSE-SU-2019_2043-1

Produtos afetados

Alt Linux

Debian

Openexr

Suse

PT-2017-13805 · Industrial Light & Magic+3 · Openexr+3

CVE-2017-14988

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 29