PublicDateAtUSN: 2018-10-17 19:29:00 UTC
Candidate: CVE-2018-18444
PublicDate: 2018-10-17 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444
 https://ubuntu.com/security/notices/USN-4148-1
 https://ubuntu.com/security/notices/USN-4339-1
Description:
 makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds
 write, leading to an assertion failure or possibly unspecified other impact.
Ubuntu-Description:
Notes:
 mdeslaur> proposed patch in bug
 mdeslaur>
 mdeslaur> The patch for this issue was dropped during the focal
 mdeslaur> development cycle by mistake.
Bugs:
 https://github.com/openexr/openexr/issues/351
Priority: low
Discovered-by: TAN JIE
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_openexr:
 upstream: https://github.com/openexr/openexr/commit/4aa6a4e0fcd52b220c71807307b9139966c3644c (2.4)
 upstream: https://github.com/openexr/openexr/commit/6a41400b47d574a5fc6133b9a7139bcd7b59d585 (2.4)
 upstream: https://github.com/openexr/openexr/commit/119eb2d4672e5c77a79929758f7e4c566f47c794 (2.4)
 upstream: https://github.com/openexr/openexr/commit/45f9912e6cfa0617ec2054d96d1e1e73fad4a62a (2.3)
 upstream: https://github.com/openexr/openexr/commit/a7eec54765e9122b78a6c34bb9d5bf744631bea2 (2.3)
 upstream: https://github.com/openexr/openexr/commit/ec64836c2312b13034149acab499c112bd289cd9 (2.3)
upstream_openexr: needs-triage
precise/esm_openexr: DNE
trusty_openexr: ignored (reached end-of-life)
trusty/esm_openexr: DNE (trusty was deferred [2019-06-27])
xenial_openexr: released (2.2.0-10ubuntu2.1)
esm-infra/xenial_openexr: released (2.2.0-10ubuntu2.1)
bionic_openexr: released (2.2.0-11.1ubuntu1.1)
cosmic_openexr: ignored (reached end-of-life)
disco_openexr: released (2.2.1-4.1ubuntu0.1)
eoan_openexr: released (2.2.1-4.1ubuntu0.1)
focal_openexr: released (2.3.0-6ubuntu0.1)
devel_openexr: released (2.3.0-6ubuntu0.1)