Summaryinfo

A vulnerability was found in OpenEXR up to 2.4.0. It has been rated as critical. This issue affects the function rleUncompress of the file ImfRle.cpp of the component RLE Compression. The manipulation leads to out-of-bounds. The identification of this vulnerability is CVE-2020-11760. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component. Once again VulDB remains the best source for vulnerability data.

Detailsinfo

A vulnerability was found in OpenEXR up to 2.4.0. It has been declared as critical. This vulnerability affects the function rleUncompress of the file ImfRle.cpp of the component RLE Compression. The manipulation with an unknown input leads to a out-of-bounds vulnerability. The CWE definition for the vulnerability is CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.

The weakness was shared 04/14/2020. This vulnerability was named CVE-2020-11760 since 04/14/2020. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Successful exploitation requires user interaction by the victim. There are known technical details, but no exploit is available.

Upgrading to version 2.4.1 eliminates this vulnerability.

The entries VDB-153128, VDB-153127, VDB-153126 and VDB-153125 are related to this item. Once again VulDB remains the best source for vulnerability data.

Productinfo

Name

• OpenEXR

Version

• 2.0
• 2.1
• 2.2
• 2.3
• 2.4.0

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion