Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2020-11760
CVE information
Published
Last Modified
CVSSv2.0 Severity
CVSSv3.1 Severity
Impact Analysis
Description
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp..
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 4.3/10
- Exploit Score
- 8.6/10
- Access Vector
- Network
- Access Complexity
- Medium
- Authentication Required
- None
- Impact Score
- 2.9/10
- Confidentiality Impact
- None
- Availability Impact
- Partial
- Integrity Impact
- None
CVSSv3.1 Score
- Severity
- Medium
- Base Score
- 5.5/10
- Exploit Score
- 1.8/10
- Access Vector
- Local
- Access Complexity
- Low
- Privileges Required
- None
- Impact Score
- 3.6/10
- Confidentiality Impact
- None
- Availability Impact
- High
- Integrity Impact
- None
- Scope
- Unchanged
- User Interaction
- Required
Products Affected
CPE | Affected | Vulnerable | Excluding | Edit |
---|---|---|---|---|
cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:* |
Yes
|
- | 2.4.1 | |
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* |
Yes
|
- | 10.15.6 | |
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* |
Yes
|
- | 13.4.8 | |
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
Yes
|
- | 13.6 | |
cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:* |
Yes
|
- | 7.20 | |
cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:* |
Yes
|
- | 12.10.8 | |
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* |
Yes
|
- | 6.2.8 | |
cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:* |
Yes
|
10.0 | 11.3 | |
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* |
Yes
|
- | 13.6 | |
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* |
Yes
|
10.13.0 | 10.13.6 | |
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* |
Yes
|
10.14.0 | 10.14.6 | |
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*: |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*: |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*: |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*: |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*: |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*: |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*: |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*: |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*: |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-003:*: |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*: |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*: |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*: |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*: |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*: |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*: |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*: |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*: |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*: |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*: |
Yes
|
- | - | |
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*: |
Yes
|
- | - |
References
- https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1
- https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
- https://usn.ubuntu.com/4339-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html
- https://www.debian.org/security/2020/dsa-4755
- https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html
- https://support.apple.com/kb/HT211293
- https://support.apple.com/kb/HT211290
- https://support.apple.com/kb/HT211291
- https://support.apple.com/kb/HT211288
- https://support.apple.com/kb/HT211289
- https://support.apple.com/kb/HT211295
- https://support.apple.com/kb/HT211294
- https://security.gentoo.org/glsa/202107-27
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org