Bug 513995 (CVE-2009-1720)
| Summary: | CVE-2009-1720 OpenEXR: Multiple integer overflows | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | rdieter, security-response-team, vdanen |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-08-03 06:25:00 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Attachments: | |||
Public now via: http://seclists.org/fulldisclosure/2009/Jul/0444.html This issue affects the versions of the OpenEXR package, as shipped with Fedora releases of 10 and 11. This issue affects the versions of the OpenEXR package, as shipped with Extra Packages for Enterprise Linux 4 (EPEL4) and Extra Packages for Enterprise Linux 5 (EPEL5) projects. Created attachment 355417 [details] Integer overflow in Imf::PreviewImage::PreviewImage (CVE-2009-1720, issue#1) patch by Drew Yao Created attachment 355418 [details] Integer overflows in compressor constructors (CVE-2009-1720, issue#2) patch by Drew Yao OpenEXR-1.6.1-8.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/OpenEXR-1.6.1-8.fc10 OpenEXR-1.6.1-8.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/OpenEXR-1.6.1-8.fc11 OpenEXR-1.4.0a-5.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/OpenEXR-1.4.0a-5.el5 OpenEXR-1.4.0a-5.el4 has been submitted as an update for Fedora EPEL 4. http://admin.fedoraproject.org/updates/OpenEXR-1.4.0a-5.el4 OpenEXR-1.6.1-8.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. OpenEXR-1.6.1-8.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. OpenEXR-1.4.0a-5.el4 has been pushed to the Fedora EPEL 4 stable repository. If problems still persist, please make note of it in this bug report. OpenEXR-1.4.0a-5.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report. |
Multiple integer overflow flaws, leading to heap-based buffer overflows were found in OpenEXR. A remote attacker could provide a specially-crafted image file, which once opened by a local, unsuspecting user, would lead to denial of service ("exrmakepreview" crash), or potentially, arbitrary code execution with the privileges of the user opening the image. Credit: Drew Yao of Apple Product Security ------