CVE-2020-15304
Published: 26 June 2020
An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.
Priority
Medium
CVSS 3 base score: 5.5
Status
| Package | Release | Status |
|---|---|---|
|
openexr Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(code not present)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(code not present)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(code not present)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(code not present)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15304
- https://github.com/AcademySoftwareFoundation/openexr/pull/727
- https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md
- https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md
- https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2
- NVD
- Launchpad
- Debian