HIGH 8.8

GHSA-qxh9-r8xw-7v99

OpenEXR invalid write

Details

In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / openexr

Introduced in: 0 Fixed in: 2.2.1

Fix pip install --upgrade 'openexr>=2.2.1'

References

https://nvd.nist.gov/vuln/detail/CVE-2017-9111 [ADVISORY]
https://github.com/openexr/openexr/issues/232 [WEB]
https://github.com/openexr/openexr/pull/233 [WEB]
https://github.com/AcademySoftwareFoundation/openexr [PACKAGE]
https://github.com/openexr/openexr/releases/tag/v2.2.1 [WEB]
https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html [WEB]
https://usn.ubuntu.com/4148-1 [WEB]
https://usn.ubuntu.com/4339-1 [WEB]
https://www.debian.org/security/2020/dsa-4755 [WEB]
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html [WEB]
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html [WEB]
http://www.openwall.com/lists/oss-security/2017/05/12/5 [WEB]