CVE-2020-11758
Summary
| CVE | CVE-2020-11758 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-04-14 23:15:00 UTC |
| Updated | 2023-11-07 03:15:00 UTC |
| Description | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. |
Risk And Classification
Problem Types: CWE-125
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apple | Icloud | All | All | All | All |
| Operating System | Apple | Ipados | All | All | All | All |
| Operating System | Apple | Ipad Os | All | All | All | All |
| Operating System | Apple | Iphone Os | All | All | All | All |
| Application | Apple | Itunes | All | All | All | All |
| Operating System | Apple | Mac Os X | All | All | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | - | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2018-002 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2018-003 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2019-001 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2019-002 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2019-003 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2019-004 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2019-005 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2019-006 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2019-007 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2020-001 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2020-002 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2020-003 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | supplemental_update | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | - | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2019-001 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2019-002 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2019-004 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2019-005 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2019-006 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2019-007 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2020-001 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2020-002 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2020-003 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | supplemental_update | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | supplemental_update_2 | All | All |
| Operating System | Apple | Tvos | All | All | All | All |
| Operating System | Apple | Watchos | All | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 19.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 20.04 | All | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 32 | All | All | All |
| Application | Openexr | Openexr | All | All | All | All |
| Operating System | Opensuse | Leap | 15.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Debian -- Security Information -- DSA-4755-1 openexr | DEBIAN | www.debian.org | |
| About the security content of watchOS 6.2.8 - Apple Support | CONFIRM | support.apple.com | |
| OpenEXR: Multiple vulnerabilities (GLSA 202107-27) — Gentoo security | GENTOO | security.gentoo.org | |
| Release v2.4.1 · AcademySoftwareFoundation/openexr · GitHub | MISC | github.com | Release Notes, Third Party Advisory |
| About the security content of tvOS 13.4.8 - Apple Support | CONFIRM | support.apple.com | |
| About the security content of iCloud for Windows 7.20 - Apple Support | CONFIRM | support.apple.com | |
| About the security content of iCloud for Windows 11.3 - Apple Support | CONFIRM | support.apple.com | |
| About the security content of iTunes 12.10.8 for Windows - Apple Support | CONFIRM | support.apple.com | |
| [security-announce] openSUSE-SU-2020:0682-1: moderate: Security update f | SUSE | lists.opensuse.org | |
| USN-4339-1: OpenEXR vulnerabilities | Ubuntu security notices | UBUNTU | usn.ubuntu.com | |
| About the security content of iOS 13.6 and iPadOS 13.6 - Apple Support | CONFIRM | support.apple.com | |
| [SECURITY] [DLA 2358-1] openexr security update | MLIST | lists.debian.org | |
| About the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra - Apple Support | CONFIRM | support.apple.com | |
| openexr/CHANGES.md at master · AcademySoftwareFoundation/openexr · GitHub | MISC | github.com | Release Notes, Third Party Advisory |
| [SECURITY] Fedora 32 Update: mingw-OpenEXR-2.4.1-1.fc32 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 32 Update: mingw-OpenEXR-2.4.1-1.fc32 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| 1987 - project-zero - Project Zero - Monorail | MISC | bugs.chromium.org | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.