CVE-2009-1721
MEDIUM severity · CVSS 6.8 · CWE-824
6.8CVSS MEDIUM
Summary
The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.
Impact & exploitability
Attack vectorNetwork
Attack complexity—
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)4%
AV:N/AC:M/Au:N/C:P/I:P/A:P
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Official patch: http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff ↗
Additional information
- NVD record
- http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiffPatch
- http://secunia.com/advisories/36030Advisory
- http://secunia.com/advisories/36032Advisory
- http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html
- http://secunia.com/advisories/36096
- http://secunia.com/advisories/36123
- http://secunia.com/advisories/36753