OpenEXR vulnerabilities

2009-09-1400:00:00

ubuntu.com

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.04

Percentile

92.1%

JSON

Releases

Ubuntu 9.04
Ubuntu 8.10
Ubuntu 8.04

Packages

openexr -

Details

Drew Yao discovered several flaws in the way OpenEXR handled certain
malformed EXR image files. If a user were tricked into opening a crafted
EXR image file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the user
invoking the program. (CVE-2009-1720, CVE-2009-1721)

It was discovered that OpenEXR did not properly handle certain malformed
EXR image files. If a user were tricked into opening a crafted EXR image
file, an attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user invoking
the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2009-1722)

OSVersionArchitecturePackageVersionFilename
Ubuntu9.04noarchlibopenexr6< 1.6.1-3ubuntu1.9.04.1UNKNOWN
Ubuntu9.04noarchlibopenexr-dev< 1.6.1-3ubuntu1.9.04.1UNKNOWN
Ubuntu9.04noarchopenexr< 1.6.1-3ubuntu1.9.04.1UNKNOWN
Ubuntu8.10noarchlibopenexr6< 1.6.1-3ubuntu1.8.10.1UNKNOWN
Ubuntu8.10noarchlibopenexr-dev< 1.6.1-3ubuntu1.8.10.1UNKNOWN
Ubuntu8.10noarchopenexr< 1.6.1-3ubuntu1.8.10.1UNKNOWN
Ubuntu8.04noarchlibopenexr2ldbl< 1.2.2-4.4ubuntu1.1UNKNOWN
Ubuntu8.04noarchlibopenexr-dev< 1.2.2-4.4ubuntu1.1UNKNOWN
Ubuntu8.04noarchopenexr< 1.2.2-4.4ubuntu1.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	9.04	noarch	libopenexr6	< 1.6.1-3ubuntu1.9.04.1	UNKNOWN
Ubuntu	9.04	noarch	libopenexr-dev	< 1.6.1-3ubuntu1.9.04.1	UNKNOWN
Ubuntu	9.04	noarch	openexr	< 1.6.1-3ubuntu1.9.04.1	UNKNOWN
Ubuntu	8.10	noarch	libopenexr6	< 1.6.1-3ubuntu1.8.10.1	UNKNOWN
Ubuntu	8.10	noarch	libopenexr-dev	< 1.6.1-3ubuntu1.8.10.1	UNKNOWN
Ubuntu	8.10	noarch	openexr	< 1.6.1-3ubuntu1.8.10.1	UNKNOWN
Ubuntu	8.04	noarch	libopenexr2ldbl	< 1.2.2-4.4ubuntu1.1	UNKNOWN
Ubuntu	8.04	noarch	libopenexr-dev	< 1.2.2-4.4ubuntu1.1	UNKNOWN
Ubuntu	8.04	noarch	openexr	< 1.2.2-4.4ubuntu1.1	UNKNOWN