CVE-2020-11763

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions OpenEXR versions prior to 2.4.1

Description The issue is related to an out-of-bounds read and write in the std::vector, as demonstrated by ImfTileOffsets.cpp. This can potentially allow a remote attacker to cause a denial of service. The vulnerability is associated with a buffer data boundary overflow in the ImfTileOffsets.cpp library of the OpenEXR image storage software.

Recommendations For versions prior to 2.4.1, update to version 2.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the ImfTileOffsets.cpp library until a patch is available.

Exploit

Fix

Out of bounds Read

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-787

Related Identifiers

ALT-PU-2020-3135

ALT-PU-2020-3136

ALT-PU-2021-1312

ALT-PU-2021-1313

AZL-44967

BDU:2021-03612

CESA-2020_4039

CVE-2020-11763

DLA-2358-1

DSA-4755-1

MGASA-2020-0189

OESA-2021-1268

OPENSUSE-SU-2020:0682-1

OPENSUSE-SU-2020_0682-1

RHSA-2020:4039

RHSA-2020_4039

SUSE-SU-2020:1292-1

SUSE-SU-2020:1293-1

USN-4339-1

Affected Products

Alt Linux

Centos

Linuxmint

Openexr

Red Hat

Suse

Ubuntu

Itunes

CVE-2020-11763

Weakness Enumeration

Related Identifiers

Affected Products

References · 85