In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.

According to the versions of the OpenEXR package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - An issue was discovered in OpenEXR before 2.4.1. There     is an std::vector out-of-bounds read and write, as     demonstrated by ImfTileOffsets.cpp.(CVE-2020-11763)

  - An issue was discovered in OpenEXR before 2.4.1. There     is an out-of-bounds write in copyIntoFrameBuffer in     ImfMisc.cpp.(CVE-2020-11764)

  - In OpenEXR 2.2.0, an invalid write of size 8 in the     storeSSE function in ImfOptimizedPixelReading.h could     cause the application to crash or execute arbitrary     code.(CVE-2017-9111)

  - In OpenEXR 2.2.0, an invalid read of size 1 in the     getBits function in ImfHuf.cpp could cause the     application to crash.(CVE-2017-9112)

  - In OpenEXR 2.2.0, an invalid write of size 1 in the     bufferedReadPixels function in ImfInputFile.cpp could     cause the application to crash or execute arbitrary     code.(CVE-2017-9113)

  - In OpenEXR 2.2.0, an invalid read of size 1 in the     refill function in ImfFastHuf.cpp could cause the     application to crash.(CVE-2017-9114)

  - In OpenEXR 2.2.0, an invalid write of size 2 in the =     operator function in half.h could cause the application     to crash or execute arbitrary code.(CVE-2017-9115)

  - In OpenEXR 2.2.0, an invalid read of size 1 in the     uncompress function in ImfZip.cpp could cause the     application to crash.(CVE-2017-9116)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the OpenEXR package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - OpenEXR is a high dynamic-range (HDR) image file format     developed by Industrial Light & Magic for use in     computer imaging applications. This package contains     libraries and sample applications for handling the     format.Security Fix(es):In OpenEXR 2.2.0, a crafted     image causes a heap-based buffer over-read in the     hufDecode function in IlmImf/ImfHuf.cpp during     exrmaketiled execution it may result in denial of     service or possibly unspecified other     impact.(CVE-2017-12596)In OpenEXR 2.2.0, an invalid     read of size 2 in the hufDecode function in ImfHuf.cpp     could cause the application to crash.(CVE-2017-9110)In     OpenEXR 2.2.0, an invalid write of size 8 in the     storeSSE function in ImfOptimizedPixelReading.h could     cause the application to crash or execute arbitrary     code.(CVE-2017-9111)In OpenEXR 2.2.0, an invalid read     of size 1 in the getBits function in ImfHuf.cpp could     cause the application to crash.(CVE-2017-9112)In     OpenEXR 2.2.0, an invalid write of size 1 in the     bufferedReadPixels function in ImfInputFile.cpp could     cause the application to crash or execute arbitrary     code.(CVE-2017-9113)In OpenEXR 2.2.0, an invalid read     of size 1 in the refill function in ImfFastHuf.cpp     could cause the application to crash.(CVE-2017-9114)In     OpenEXR 2.2.0, an invalid write of size 2 in the =     operator function in half.h could cause the application     to crash or execute arbitrary code.(CVE-2017-9115)In     OpenEXR 2.2.0, an invalid read of size 1 in the     uncompress function in ImfZip.cpp could cause the     application to crash.(CVE-2017-9116)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple security issues were found in the OpenEXR image library, which could result in denial of service and potentially the execution of arbitrary code when processing malformed EXR image files.

Multiple security issues were found in the OpenEXR image library, which could result in denial of service and potentially the execution of arbitrary code when processing malformed EXR image files.

For Debian 9 stretch, these problems have been fixed in version 2.2.0-11+deb9u1.

We recommend that you upgrade your openexr packages.

For the detailed security status of openexr please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/openexr

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the OpenEXR package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - OpenEXR is a high dynamic-range (HDR) image file format     developed by Industrial Light & Magic for use in     computer imaging applications. This package contains     libraries and sample applications for handling the     format.Security Fix(es):In OpenEXR 2.2.0, an invalid     write of size 2 in the = operator function in half.h     could cause the application to crash or execute     arbitrary code.(CVE-2017-9115)In OpenEXR 2.2.0, an     invalid write of size 8 in the storeSSE function in     ImfOptimizedPixelReading.h could cause the application     to crash or execute arbitrary code.(CVE-2017-9111)In     OpenEXR 2.2.0, a crafted image causes a heap-based     buffer over-read in the hufDecode function in     IlmImf/ImfHuf.cpp during exrmaketiled execution it may     result in denial of service or possibly unspecified     other impact.(CVE-2017-12596)In OpenEXR 2.2.0, an     invalid write of size 1 in the bufferedReadPixels     function in ImfInputFile.cpp could cause the     application to crash or execute arbitrary     code.(CVE-2017-9113)In OpenEXR 2.2.0, an invalid read     of size 1 in the uncompress function in ImfZip.cpp     could cause the application to crash.(CVE-2017-9116)In     OpenEXR 2.2.0, an invalid read of size 1 in the refill     function in ImfFastHuf.cpp could cause the application     to crash.(CVE-2017-9114)In OpenEXR 2.2.0, an invalid     read of size 1 in the getBits function in ImfHuf.cpp     could cause the application to crash.(CVE-2017-9112)In     OpenEXR 2.2.0, an invalid read of size 2 in the     hufDecode function in ImfHuf.cpp could cause the     application to crash.(CVE-2017-9110)Header::readfrom in     IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote     attackers to cause a denial of service (excessive     memory allocation) via a crafted file that is accessed     with the ImfOpenInputFile function in     IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and     multiple third parties believe that this vulnerability     isn't valid.(CVE-2017-14988)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the OpenEXR package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR     2.2.0 allows remote attackers to cause a denial of     service (excessive memory allocation) via a crafted     file that is accessed with the ImfOpenInputFile     function in IlmImf/ImfCRgbaFile.cpp. NOTE: The     maintainer and multiple third parties believe that this     vulnerability isn't valid.(CVE-2017-14988)

  - In OpenEXR 2.2.0, an invalid read of size 1 in the     getBits function in ImfHuf.cpp could cause the     application to crash.(CVE-2017-9112)

  - In OpenEXR 2.2.0, an invalid read of size 1 in the     refill function in ImfFastHuf.cpp could cause the     application to crash.(CVE-2017-9114)

  - In OpenEXR 2.2.0, an invalid read of size 1 in the     uncompress function in ImfZip.cpp could cause the     application to crash.(CVE-2017-9116)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for openexr fixes the following issues :

  - CVE-2017-9110: In OpenEXR, an invalid read of size 2 in     the hufDecode function in ImfHuf.cpp could cause the     application to crash. (bsc#1040107)

  - CVE-2017-9114: In OpenEXR, an invalid read of size 1 in     the refill function in ImfFastHuf.cpp could cause the     application to crash. (bsc#1040114)

  - CVE-2017-12596: In OpenEXR, a crafted image causes a     heap-based buffer over-read in the hufDecode function in     IlmImf/ImfHuf.cpp during exrmaketiled execution; it     could have resulted in denial of service or possibly     unspecified other impact. (bsc#1052522)

This update was imported from the SUSE:SLE-12:Update update project.

This update for OpenEXR fixes the following issues :

  - CVE-2017-9110: In OpenEXR, an invalid read of size 2 in     the hufDecode function in ImfHuf.cpp could cause the     application to crash. (bsc#1040107)

  - CVE-2017-9114: In OpenEXR, an invalid read of size 1 in     the refill function in ImfFastHuf.cpp could cause the     application to crash. (bsc#1040114)

  - CVE-2017-12596: In OpenEXR, a crafted image causes a     heap-based buffer over-read in the hufDecode function in     IlmImf/ImfHuf.cpp during exrmaketiled execution; it     could have resulted in denial of service or possibly     unspecified other impact. (bsc#1052522)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for openexr fixes the following issues :

  - CVE-2017-9110: In OpenEXR, an invalid read of size 2 in     the hufDecode function in ImfHuf.cpp could cause the     application to crash. (bsc#1040107)

  - CVE-2017-9114: In OpenEXR, an invalid read of size 1 in     the refill function in ImfFastHuf.cpp could cause the     application to crash. (bsc#1040114)

  - CVE-2017-12596: In OpenEXR, a crafted image causes a     heap-based buffer over-read in the hufDecode function in     IlmImf/ImfHuf.cpp during exrmaketiled execution; it     could have resulted in denial of service or possibly     unspecified other impact. (bsc#1052522)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update fixes the following vulnerabilities: CVE-2017-9110 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9114 CVE-2017-9115 CVE-2017-9116 CVE-2017-12596

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

New openexr packages are available for Slackware 14.2 and -current to fix security issues.

Brandon Perry reports :

[There] is a zip file of EXR images that cause segmentation faults in the OpenEXR library (tested against 2.2.0).

- CVE-2017-9110 In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.

- CVE-2017-9111 In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.

- CVE-2017-9112 In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.

- CVE-2017-9113 In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.

- CVE-2017-9114 In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.

- CVE-2017-9115 In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.

- CVE-2017-9116 In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.

ID	Name	Product	Family	Severity
146642	EulerOS 2.0 SP2 : OpenEXR (EulerOS-SA-2021-1335)	Nessus	Huawei Local Security Checks	high
146115	EulerOS 2.0 SP5 : OpenEXR (EulerOS-SA-2021-1219)	Nessus	Huawei Local Security Checks	high
140061	Debian DSA-4755-1 : openexr - security update	Nessus	Debian Local Security Checks	high
140057	Debian DLA-2358-1 : openexr security update	Nessus	Debian Local Security Checks	high
136862	EulerOS 2.0 SP8 : OpenEXR (EulerOS-SA-2020-1584)	Nessus	Huawei Local Security Checks	high
135545	EulerOS 2.0 SP3 : OpenEXR (EulerOS-SA-2020-1416)	Nessus	Huawei Local Security Checks	medium
107184	openSUSE Security Update : openexr (openSUSE-2018-229)	Nessus	SuSE Local Security Checks	high
107132	SUSE SLES11 Security Update : OpenEXR (SUSE-SU-2018:0587-1)	Nessus	SuSE Local Security Checks	high
107131	SUSE SLED12 / SLES12 Security Update : openexr (SUSE-SU-2018:0585-1)	Nessus	SuSE Local Security Checks	high
107040	Fedora 26 : mingw-OpenEXR (2018-f5d2f4ec0d)	Nessus	Fedora Local Security Checks	high
107034	Fedora 27 : mingw-OpenEXR (2018-b152c791cc)	Nessus	Fedora Local Security Checks	high
103570	Slackware 14.2 / current : openexr (SSA:2017-274-01)	Nessus	Slackware Local Security Checks	high
100442	FreeBSD : OpenEXR -- multiple remote code execution and denial of service vulnerabilities (803879e9-4195-11e7-9b08-080027ef73ec)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2017-9114

medium

Tenable Plugins

high

high

high

high

high

medium

high

high

high

high

high

high

high