Computer Security


OpenEXR multiple security vulnerabilities
Published: 28.07.2009
Source:
SecurityVulns ID: 10104
Type: library
Threat Level: 6/10
Description: Integer overflow, buffer overflow, uninitialized pointer.
Affected: OPENEXR : openexr 1.2
CVE: CVE-2009-1722 (Heap-based buffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.)
 CVE-2009-1721 (The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.)
 CVE-2009-1720 (Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information.)
Original document: DEBIAN, [SECURITY] [DSA 1842-1] New openexr packages fix several vulnerabilities (28.07.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod