Lucene search

[email protected]CVE-2017-9112

HistoryMay 21, 2017 - 6:29 p.m.

CVE-2017-9112

2017-05-2118:29:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

openexr

cve-2017-9112

imfhuf.cpp

information security

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

72.5%

JSON

In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.

CPENameOperatorVersion
openexr:openexropenexreq2.2.0

CPE	Name	Operator	Version
openexr:openexr	openexr	eq	2.2.0

References

www.openwall.com/lists/oss-security/2017/05/12/5

github.com/openexr/openexr/issues/232

github.com/openexr/openexr/pull/233

github.com/openexr/openexr/releases/tag/v2.2.1

lists.debian.org/debian-lts-announce/2020/08/msg00056.html

usn.ubuntu.com/4148-1/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

72.5%

JSON

Related for CVE-2017-9112

ubuntucve1 prion1 redhatcve1 debiancve1 osv3 veracode1 alpinelinux1 debian2 mageia1 nessus12 openvas12 slackware1 freebsd1 fedora2 ubuntu1 cloudfoundry1