Vulnerabilities > CVE-2017-9113 - Unspecified vulnerability in Openexr 2.2.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_803879E9419511E79B08080027EF73EC.NASL description Brandon Perry reports : [There] is a zip file of EXR images that cause segmentation faults in the OpenEXR library (tested against 2.2.0). - CVE-2017-9110 In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. - CVE-2017-9111 In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code. - CVE-2017-9112 In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash. - CVE-2017-9113 In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code. - CVE-2017-9114 In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash. - CVE-2017-9115 In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code. - CVE-2017-9116 In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash. last seen 2020-06-01 modified 2020-06-02 plugin id 100442 published 2017-05-26 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100442 title FreeBSD : OpenEXR -- multiple remote code execution and denial of service vulnerabilities (803879e9-4195-11e7-9b08-080027ef73ec) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1962-1.NASL description This update for openexr fixes the following issues : Security issue fixed : CVE-2017-9111: Fixed an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h (bsc#1040109). CVE-2017-9113: Fixed an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp (bsc#1040113). CVE-2017-9115: Fixed an invalid write of size 2 in the = operator function inhalf.h (bsc#1040115). CVE-2018-18444: Fixed Out-of-bounds write in makeMultiView.cpp (bsc#1113455). CVE-2017-9112: Fixed invalid read of size 1 in the getBits function in ImfHuf.cpp (bsc#1040112). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 127039 published 2019-07-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127039 title SUSE SLED12 / SLES12 Security Update : openexr (SUSE-SU-2019:1962-1) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2017-274-01.NASL description New openexr packages are available for Slackware 14.2 and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 103570 published 2017-10-02 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/103570 title Slackware 14.2 / current : openexr (SSA:2017-274-01) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1584.NASL description According to the versions of the OpenEXR package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications. This package contains libraries and sample applications for handling the format.Security Fix(es):In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.(CVE-2017-9115)In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.(CVE-2017-9111)In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution it may result in denial of service or possibly unspecified other impact.(CVE-2017-12596)In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.(CVE-2017-9113)In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.(CVE-2017-9116)In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.(CVE-2017-9114)In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.(CVE-2017-9112)In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.(CVE-2017-9110)Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn last seen 2020-05-31 modified 2020-05-26 plugin id 136862 published 2020-05-26 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136862 title EulerOS 2.0 SP8 : OpenEXR (EulerOS-SA-2020-1584) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1826.NASL description This update for openexr fixes the following issues : Security issues fixed: 	 - CVE-2017-9111: Fixed an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h (bsc#1040109). - CVE-2017-9113: Fixed an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp (bsc#1040113). - CVE-2017-9115: Fixed an invalid write of size 2 in the = operator function inhalf.h (bsc#1040115). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 127738 published 2019-08-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127738 title openSUSE Security Update : openexr (openSUSE-2019-1826) NASL family Fedora Local Security Checks NASL id FEDORA_2018-B152C791CC.NASL description This update fixes the following vulnerabilities: CVE-2017-9110 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9114 CVE-2017-9115 CVE-2017-9116 CVE-2017-12596 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-02-28 plugin id 107034 published 2018-02-28 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107034 title Fedora 27 : mingw-OpenEXR (2018-b152c791cc) NASL family Fedora Local Security Checks NASL id FEDORA_2018-F5D2F4EC0D.NASL description This update fixes the following vulnerabilities: CVE-2017-9110 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9114 CVE-2017-9115 CVE-2017-9116 CVE-2017-12596 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-02-28 plugin id 107040 published 2018-02-28 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107040 title Fedora 26 : mingw-OpenEXR (2018-f5d2f4ec0d) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4339-1.NASL description Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2017-9111, CVE-2017-9113, CVE-2017-9115) Tan Jie discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2018-18444) Samuel Gross discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764) It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service. (CVE-2020-11765). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-03 modified 2020-04-28 plugin id 136028 published 2020-04-28 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136028 title Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : openexr vulnerabilities (USN-4339-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1816.NASL description This update for openexr fixes the following issues : Security issues fixed: 	 - CVE-2017-9111: Fixed an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h (bsc#1040109). - CVE-2017-9113: Fixed an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp (bsc#1040113). - CVE-2017-9115: Fixed an invalid write of size 2 in the = operator function inhalf.h (bsc#1040115). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 127736 published 2019-08-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127736 title openSUSE Security Update : openexr (openSUSE-2019-1816) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2638.NASL description According to the versions of the OpenEXR package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.(CVE-2017-9110) - In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.(CVE-2017-9113) - In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.(CVE-2017-9115) - In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.(CVE-2017-9111) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-18 plugin id 132173 published 2019-12-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132173 title EulerOS 2.0 SP3 : OpenEXR (EulerOS-SA-2019-2638) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4148-1.NASL description It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-12596) Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-9110, CVE-2017-9112, CVE-2017-9116) Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2017-9111, CVE-2017-9113, CVE-2017-9115) Tan Jie discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2018-18444). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 129712 published 2019-10-08 reporter Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129712 title Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : openexr vulnerabilities (USN-4148-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1963-1.NASL description This update for openexr fixes the following issues : Security issues fixed : CVE-2017-9111: Fixed an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h (bsc#1040109). CVE-2017-9113: Fixed an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp (bsc#1040113). CVE-2017-9115: Fixed an invalid write of size 2 in the = operator function inhalf.h (bsc#1040115). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 127040 published 2019-07-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127040 title SUSE SLED15 / SLES15 Security Update : openexr (SUSE-SU-2019:1963-1)
References
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html
- http://www.openwall.com/lists/oss-security/2017/05/12/5
- https://github.com/openexr/openexr/issues/232
- https://github.com/openexr/openexr/pull/233
- https://github.com/openexr/openexr/releases/tag/v2.2.1
- https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html
- https://usn.ubuntu.com/4148-1/
- https://usn.ubuntu.com/4339-1/
- https://www.debian.org/security/2020/dsa-4755