Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cloudfoundryCloud FoundryCFOUNDRY:9EEB389BF26DB561ACBA1A18A43C72BD
HistoryNov 06, 2019 - 12:00 a.m.

USN-4148-1: OpenEXR vulnerabilities | Cloud Foundry

2019-11-0600:00:00
Cloud Foundry
www.cloudfoundry.org
31

0.014 Low

EPSS

Percentile

86.6%

JSON

Severity

Low

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 18.04

Description

It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-12596)

Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-9110, CVE-2017-9112, CVE-2017-9116)

Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2017-9111, CVE-2017-9113, CVE-2017-9115)

Tan Jie discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2018-18444)

CVEs contained in this USN include: CVE-2017-12596, CVE-2017-9110, CVE-2017-9111, CVE-2017-9112, CVE-2017-9113, CVE-2017-9115, CVE-2017-9116, CVE-2018-18444

Affected Cloud Foundry Products and Versions

Severity is low unless otherwise noted.

  • All versions of Cloud Foundry cflinuxfs3 prior to 0.132.0

Mitigation

Users of affected products are strongly encouraged to follow one of the mitigations below:

  • The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.132.0 or later.

References

Related

nessus 33
ubuntu 2
openvas 27
fedora 5
slackware 1
freebsd 2
mageia 2
debian 3
suse 3
osv 11
ubuntucve 8
cloudfoundry 1
debiancve 8
nvd 8
cvelist 8
prion 8
alpinelinux 8
redhatcve 8
veracode 8
cve 8
nessus
nessus
Ubuntu 16.04 LTS / 18.04 LTS : OpenEXR vulnerabilities (USN-4148-1)
2019-10-08 00:00:00
Fedora 27 : mingw-OpenEXR (2018-b152c791cc)
2018-02-28 00:00:00
EulerOS 2.0 SP5 : OpenEXR (EulerOS-SA-2021-1219)
2021-02-04 00:00:00
ubuntu
ubuntu
OpenEXR vulnerabilities
2019-10-07 00:00:00
OpenEXR vulnerabilities
2020-04-27 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4148-1)
2019-10-08 00:00:00
Huawei EulerOS: Security Advisory for OpenEXR (EulerOS-SA-2021-1219)
2021-02-05 00:00:00
Fedora Update for mingw-OpenEXR FEDORA-2018-b152c791cc
2018-02-28 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: mingw-OpenEXR-2.2.0-6.fc26
2018-02-27 16:58:12
[SECURITY] Fedora 27 Update: mingw-OpenEXR-2.2.0-7.fc27
2018-02-27 17:28:13
[SECURITY] Fedora 31 Update: mingw-OpenEXR-2.3.0-3.fc31
2019-11-22 00:48:18
slackware
slackware
[slackware-security] openexr
2017-10-01 20:31:10
freebsd
freebsd
OpenEXR -- multiple remote code execution and denial of service vulnerabilities
2017-01-12 00:00:00
OpenEXR -- heap buffer overflow, and out-of-memory bugs
2018-10-17 00:00:00
mageia
mageia
Updated OpenEXR packages fix security vulnerability
2018-01-03 17:22:14
Updated openexr packages fix security vulnerabilities
2019-05-12 12:35:33
debian
debian
[SECURITY] [DLA 1083-1] openexr security update
2017-08-31 22:29:32
[SECURITY] [DLA 2358-1] openexr security update
2020-08-30 19:36:12
[SECURITY] [DSA 4755-1] openexr security update
2020-08-29 17:35:55
suse
suse
Security update for openexr (moderate)
2019-08-01 00:00:00
Security update for openexr (moderate)
2019-07-30 00:00:00
Security update for openexr (low)
2019-04-24 00:00:00
osv
osv
openexr - security update
2017-08-31 00:00:00
openexr - security update
2020-08-30 00:00:00
CVE-2017-12596
2017-08-07 01:29:00
ubuntucve
ubuntucve
CVE-2017-12596
2017-08-07 00:00:00
CVE-2018-18444
2018-10-17 00:00:00
CVE-2017-9111
2017-05-21 00:00:00
cloudfoundry
cloudfoundry
USN-4339-1: OpenEXR vulnerabilities | Cloud Foundry
2020-05-14 00:00:00
debiancve
debiancve
CVE-2017-12596
2017-08-07 01:29:00
CVE-2018-18444
2018-10-17 19:29:00
CVE-2017-9111
2017-05-21 18:29:00
nvd
nvd
CVE-2017-12596
2017-08-07 01:29:00
CVE-2017-9111
2017-05-21 18:29:00
CVE-2018-18444
2018-10-17 19:29:00
cvelist
cvelist
CVE-2017-9110
2017-05-21 18:00:00
CVE-2017-12596
2017-08-07 01:00:00
CVE-2018-18444
2018-10-17 19:00:00
prion
prion
Out-of-bounds
2018-10-17 19:29:00
Heap overflow
2017-08-07 01:29:00
Code injection
2017-05-21 18:29:00
alpinelinux
alpinelinux
CVE-2017-12596
2017-08-07 01:29:00
CVE-2018-18444
2018-10-17 19:29:00
CVE-2017-9113
2017-05-21 18:29:00
redhatcve
redhatcve
CVE-2017-9110
2017-05-25 12:20:20
CVE-2017-12596
2017-08-22 08:50:20
CVE-2018-18444
2019-12-29 09:38:26
veracode
veracode
Denial Of Service (DoS)
2020-12-06 03:19:57
Denial Of Service (DoS)
2020-12-06 04:09:16
Denial Of Service (DoS)
2021-06-27 16:34:59
cve
cve
CVE-2017-12596
2017-08-07 01:29:00
CVE-2017-9111
2017-05-21 18:29:00
CVE-2018-18444
2018-10-17 19:29:00

0.014 Low

EPSS

Percentile

86.6%

JSON
Related for CFOUNDRY:9EEB389BF26DB561ACBA1A18A43C72BD
nessus33ubuntu2openvas27fedora5slackware1freebsd2mageia2debian3suse3osv11ubuntucve8cloudfoundry1debiancve8nvd8cvelist8prion8alpinelinux8redhatcve8veracode8cve8