Lucene search

K
nvd[email protected]NVD:CVE-2009-1720
HistoryJul 31, 2009 - 7:00 p.m.

CVE-2009-1720

2009-07-3119:00:01
CWE-189
web.nvd.nist.gov
9

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.04

Percentile

92.1%

Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd
Node
openexropenexrMatch1.2.2
OR
openexropenexrMatch1.6.1
VendorProductVersionCPE
openexropenexr1.2.2cpe:2.3:a:openexr:openexr:1.2.2:*:*:*:*:*:*:*
openexropenexr1.6.1cpe:2.3:a:openexr:openexr:1.6.1:*:*:*:*:*:*:*

References

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.04

Percentile

92.1%