PublicDateAtUSN: 2020-04-14 23:15:00 UTC
Candidate: CVE-2020-11761
PublicDate: 2020-04-14 23:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761
 https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020
 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1
 https://ubuntu.com/security/notices/USN-4339-1
Description:
 An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds
 read during Huffman uncompression, as demonstrated by
 FastHufDecoder::refill in ImfFastHuf.cpp.
Ubuntu-Description:
Notes:
 mdeslaur> need to check if commit is the right one
Mitigation:
Bugs:
 https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
Priority: medium
Discovered-by: Samuel Groß
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]


Patches_openexr:
 upstream: https://github.com/AcademySoftwareFoundation/openexr/commit/b1c34c496b62117115b1089b18a44e0031800a09
upstream_openexr: needs-triage
precise/esm_openexr: DNE
trusty_openexr: ignored (out of standard support)
trusty/esm_openexr: DNE
xenial_openexr: released (2.2.0-10ubuntu2.2)
esm-infra/xenial_openexr: released (2.2.0-10ubuntu2.2)
bionic_openexr: released (2.2.0-11.1ubuntu1.2)
eoan_openexr: released (2.2.1-4.1ubuntu1.1)
focal_openexr: released (2.3.0-6ubuntu0.1)
devel_openexr: released (2.3.0-6ubuntu0.1)