CVE-2017-9113
Published: 21 May 2017
In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.
Notes
Author | Note |
---|---|
mdeslaur | see suse bug for reproducer with exrmakepreview; first patch in upstream bug doesn't cover this CVE. The patch for this issue was dropped during the focal development cycle by mistake. |
Priority
Status
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |