CVE-2017-9111
Published: 21 May 2017
In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.
Priority
CVSS 3 base score: 8.8
Status
Notes
Author | Note |
---|---|
mdeslaur | see suse bug for reproducer with exrmakepreview first patch in upstream bug doesn't cover this CVE The patch for this issue was dropped during the focal development cycle by mistake. |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111
- http://www.openwall.com/lists/oss-security/2017/05/12/5
- https://usn.ubuntu.com/usn/usn-4148-1
- https://usn.ubuntu.com/usn/usn-4339-1
- NVD
- Launchpad
- Debian