Bug 1180109 - (CVE-2020-16589) VUL-1: CVE-2020-16589: openexr: heap-based buffer overflow in writeTileData in ImfTiledOutputFile.cpp
Status: RESOLVED DUPLICATE of bug 1179879
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P5 - None
Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/273578/
Reported: 2020-12-16 12:56 UTC by Wolfgang Frisch
Modified: 2020-12-16 13:12 UTC (History)
Description Wolfgang Frisch 2020-12-16 12:56:52 UTC
CVE-2020-16589

A heap-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0
in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service
via a crafted EXR file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16589
https://github.com/AcademySoftwareFoundation/openexr/commit/6bb36714528a9563dd3b92720c5063a1284b86f8
https://github.com/AcademySoftwareFoundation/openexr/issues/494
Comment 1 Wolfgang Frisch 2020-12-16 13:00:48 UTC
See also: https://bugzilla.suse.com/show_bug.cgi?id=1179879
Comment 2 Wolfgang Frisch 2020-12-16 13:12:51 UTC
Tracked in https://bugzilla.suse.com/show_bug.cgi?id=1179879

*** This bug has been marked as a duplicate of bug 1179879 ***