PT-2017-13805 · Industrial Light & Magic+3 · Openexr+3

Published

2017-10-02

Updated

2024-08-05

CVE-2017-14988

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions OpenEXR version 2.2.0

Description The issue allows remote attackers to cause a denial of service due to excessive memory allocation via a crafted file accessed with the ImfOpenInputFile function. However, the maintainer and multiple third parties believe this issue is not valid.

Recommendations For OpenEXR version 2.2.0, at the moment, there is no information about a newer version that contains a fix for this issue.

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

ALT-PU-2019-2753

ALT-PU-2019-2754

ALT-PU-2019-2756

ALT-PU-2019-2757

AZL-45117

CVE-2017-14988

ECHO-0B54-ECED-403B

MGASA-2019-0373

OPENSUSE-SU-2019:1954-1

OPENSUSE-SU-2019_1954-1

OPENSUSE-SU-2024:11117-1

SUSE-SU-2019:2014-1

SUSE-SU-2019:2043-1

SUSE-SU-2019_2014-1

SUSE-SU-2019_2043-1

Affected Products

Alt Linux

Debian

Openexr

Suse

PT-2017-13805 · Industrial Light & Magic+3 · Openexr+3

CVE-2017-14988

Weakness Enumeration

Related Identifiers

Affected Products

References · 29