ID

VAR-202004-0475


CVE

CVE-2020-11765


TITLE

OpenEXR Vulnerability in determining boundary conditions in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004075

DESCRIPTION

An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read. OpenEXR There is a vulnerability in determining boundary conditions.Service operation interruption (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A security vulnerability exists in LIM OpenEXR versions prior to 2.4.1. An attacker could exploit this vulnerability to crash the application or obtain information. For the stable distribution (buster), these problems have been fixed in version 2.2.1-4.1+deb10u1. We recommend that you upgrade your openexr packages. For the detailed security status of openexr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openexr Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9KkM8ACgkQEMKTtsN8 TjYiCxAAqny8A+WbtYBonQ42ciQ2Hc1f90CI6l1Gp/ZK7RARL7+cLOHTh+hEniIG G6cwDGAwAgOtNPer+bT8Mwx6gF8bTii3nF5MMhiN22L7buzHruxsqpC+g94MeZHW vn6GpkTCPSHW5m4+O3pwrYDK3lr5ucNwPVegcXqtJuG0SrhY9VyTrtmzwtoP0YVx ANOpJhCLNEU5vIdEpzIfdjAoM6nsGG/FDN5sP2B9sEB69s7dQXAX5ksuu4Rg71bo W7OjAWB+1MIuFT2blax4Z0qD9Nuiy252AM9MAzMmdBPsFnix0/E2lmyd2OGknUkY l+sq61TR7pA7AVbtLpLBy2fKFS/Jj1KTFI6J+GmZiOBGAzHrWevjyclYBRI0exVg zKnI2IdO9f0qdeTiZhtAcSEV8hb1mSoo0fPRM0ZGxdMV0MTNeOmj+doTTw+SlSJK 3iyKUDgRy60JjQMq8gBaPSRl6tuTjEdFzbJLsFPvZVY5vQsy4KIuh024RrEjri0c R2oLvboIS2xddK+T/9NPc15vruZiUut0j/3EsBqbDn3hBXMpQb0NFv0kuC+uvmwZ UgxRA32shnjcUES8+TBqeB+cvMnukTlOfqQEY2VNhG//45gcQH6rEcf45W07XTGD djd3v06+rkeUhfuZHL9OAOj2BowTrp9CRooWT1dufPPUkL1aoUY= =FDcC -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202107-27 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenEXR: Multiple vulnerabilities Date: July 11, 2021 Bugs: #717474, #746794, #762862, #770229, #776808 ID: 202107-27 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenEXR, the worst of which could result in the arbitrary execution of code. Background ========== OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/openexr < 2.5.6 >= 2.5.6 Description =========== Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenEXR users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/openexr-2.5.6" References ========== [ 1 ] CVE-2020-11758 https://nvd.nist.gov/vuln/detail/CVE-2020-11758 [ 2 ] CVE-2020-11759 https://nvd.nist.gov/vuln/detail/CVE-2020-11759 [ 3 ] CVE-2020-11760 https://nvd.nist.gov/vuln/detail/CVE-2020-11760 [ 4 ] CVE-2020-11761 https://nvd.nist.gov/vuln/detail/CVE-2020-11761 [ 5 ] CVE-2020-11762 https://nvd.nist.gov/vuln/detail/CVE-2020-11762 [ 6 ] CVE-2020-11763 https://nvd.nist.gov/vuln/detail/CVE-2020-11763 [ 7 ] CVE-2020-11764 https://nvd.nist.gov/vuln/detail/CVE-2020-11764 [ 8 ] CVE-2020-11765 https://nvd.nist.gov/vuln/detail/CVE-2020-11765 [ 9 ] CVE-2020-15304 https://nvd.nist.gov/vuln/detail/CVE-2020-15304 [ 10 ] CVE-2020-15305 https://nvd.nist.gov/vuln/detail/CVE-2020-15305 [ 11 ] CVE-2020-15306 https://nvd.nist.gov/vuln/detail/CVE-2020-15306 [ 12 ] CVE-2021-20296 https://nvd.nist.gov/vuln/detail/CVE-2021-20296 [ 13 ] CVE-2021-3474 https://nvd.nist.gov/vuln/detail/CVE-2021-3474 [ 14 ] CVE-2021-3475 https://nvd.nist.gov/vuln/detail/CVE-2021-3475 [ 15 ] CVE-2021-3476 https://nvd.nist.gov/vuln/detail/CVE-2021-3476 [ 16 ] CVE-2021-3477 https://nvd.nist.gov/vuln/detail/CVE-2021-3477 [ 17 ] CVE-2021-3478 https://nvd.nist.gov/vuln/detail/CVE-2021-3478 [ 18 ] CVE-2021-3479 https://nvd.nist.gov/vuln/detail/CVE-2021-3479 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202107-27 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-4339-1 April 27, 2020 openexr vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 - Ubuntu 19.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in OpenEXR. Software Description: - openexr: tools for the OpenEXR image format Details: Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2017-9111, CVE-2017-9113, CVE-2017-9115) Tan Jie discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2018-18444) Samuel Groß discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764) It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service. (CVE-2020-11765) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04: libopenexr24 2.3.0-6ubuntu0.1 openexr 2.3.0-6ubuntu0.1 Ubuntu 19.10: libopenexr23 2.2.1-4.1ubuntu1.1 openexr 2.2.1-4.1ubuntu1.1 Ubuntu 18.04 LTS: libopenexr22 2.2.0-11.1ubuntu1.2 openexr 2.2.0-11.1ubuntu1.2 Ubuntu 16.04 LTS: libopenexr22 2.2.0-10ubuntu2.2 openexr 2.2.0-10ubuntu2.2 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4339-1 CVE-2017-9111, CVE-2017-9113, CVE-2017-9115, CVE-2018-18444, CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764, CVE-2020-11765 Package Information: https://launchpad.net/ubuntu/+source/openexr/2.3.0-6ubuntu0.1 https://launchpad.net/ubuntu/+source/openexr/2.2.1-4.1ubuntu1.1 https://launchpad.net/ubuntu/+source/openexr/2.2.0-11.1ubuntu1.2 https://launchpad.net/ubuntu/+source/openexr/2.2.0-10ubuntu2.2

Trust: 2.61

sources: NVD: CVE-2020-11765 // JVNDB: JVNDB-2020-004075 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-164376 // VULMON: CVE-2020-11765 // PACKETSTORM: 168903 // PACKETSTORM: 163465 // PACKETSTORM: 157403

AFFECTED PRODUCTS

vendor:fedoraprojectmodel:fedorascope:eqversion:32

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:19.10

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:13.4.8

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.14.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:20.04

Trust: 1.0

vendor:applemodel:icloudscope:gteversion:10.0

Trust: 1.0

vendor:applemodel:itunesscope:ltversion:12.10.8

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.13.6

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:7.20

Trust: 1.0

vendor:openexrmodel:openexrscope:ltversion:2.4.1

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.6

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:6.2.8

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:13.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.6

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:13.6

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:11.3

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.14.6

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.13.6

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.15

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.13.0

Trust: 1.0

vendor:openexrmodel:openexrscope:eqversion:2.4.1

Trust: 0.8

vendor:openexrmodel:openexrscope:eqversion:1.0.4

Trust: 0.1

vendor:openexrmodel:openexrscope:eqversion:1.0.7

Trust: 0.1

vendor:openexrmodel:openexrscope:eqversion:1.1.0

Trust: 0.1

vendor:openexrmodel:openexrscope:eqversion:1.1.1

Trust: 0.1

vendor:openexrmodel:openexrscope:eqversion:1.2.1

Trust: 0.1

vendor:openexrmodel:openexrscope:eqversion:1.2.2

Trust: 0.1

vendor:openexrmodel:openexrscope:eqversion:1.3.0

Trust: 0.1

vendor:openexrmodel:openexrscope:eqversion:1.3.1

Trust: 0.1

vendor:openexrmodel:openexrscope:eqversion:1.3.2

Trust: 0.1

vendor:openexrmodel:openexrscope:eqversion:1.4.0

Trust: 0.1

vendor:openexrmodel:openexrscope:eqversion:1.7.0

Trust: 0.1

vendor:openexrmodel:openexrscope:eqversion:1.7.1

Trust: 0.1

vendor:openexrmodel:openexrscope:eqversion:2.0.0

Trust: 0.1

vendor:openexrmodel:openexrscope:eqversion:2.0.1

Trust: 0.1

vendor:openexrmodel:openexrscope:eqversion:2.1.0

Trust: 0.1

vendor:openexrmodel:openexrscope:eqversion:2.2.0

Trust: 0.1

vendor:openexrmodel:openexrscope:eqversion:2.2.1

Trust: 0.1

vendor:openexrmodel:openexrscope:eqversion:2.3.0

Trust: 0.1

vendor:openexrmodel:openexrscope:eqversion:2.4.0

Trust: 0.1

sources: VULMON: CVE-2020-11765 // JVNDB: JVNDB-2020-004075 // NVD: CVE-2020-11765

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-11765
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-004075
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202004-965
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-164376
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-11765
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-11765
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-004075
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-164376
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-11765
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004075
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-164376 // VULMON: CVE-2020-11765 // CNNVD: CNNVD-202004-965 // CNNVD: CNNVD-202104-975 // JVNDB: JVNDB-2020-004075 // NVD: CVE-2020-11765

PROBLEMTYPE DATA

problemtype:CWE-193

Trust: 1.9

problemtype:CWE-125

Trust: 1.1

sources: VULHUB: VHN-164376 // JVNDB: JVNDB-2020-004075 // NVD: CVE-2020-11765

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-965

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202004-965 // CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004075

PATCH

title:OpenEXR Release Notesurl:https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020

Trust: 0.8

title:AcademySoftwareFoundation/openexrurl:https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1

Trust: 0.8

title:Industrial Light and Magic OpenEXR Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115984

Trust: 0.6

title:Debian CVElist Bug Report Logs: openexr: CVE-2020-11758 CVE-2020-11759 CVE-2020-11760 CVE-2020-11761 CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=c611c9f78ad3458919de1d9728e6b32b

Trust: 0.1

title:Ubuntu Security Notice: openexr vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4339-1

Trust: 0.1

sources: VULMON: CVE-2020-11765 // CNNVD: CNNVD-202004-965 // JVNDB: JVNDB-2020-004075

EXTERNAL IDS

db:NVDid:CVE-2020-11765

Trust: 2.9

db:PACKETSTORMid:163465

Trust: 0.8

db:JVNDBid:JVNDB-2020-004075

Trust: 0.8

db:CNNVDid:CNNVD-202004-965

Trust: 0.7

db:PACKETSTORMid:157403

Trust: 0.7

db:CS-HELPid:SB2021071101

Trust: 0.6

db:AUSCERTid:ESB-2020.1816

Trust: 0.6

db:AUSCERTid:ESB-2020.1448

Trust: 0.6

db:AUSCERTid:ESB-2020.2985

Trust: 0.6

db:NSFOCUSid:50000

Trust: 0.6

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CNVDid:CNVD-2020-24158

Trust: 0.1

db:VULHUBid:VHN-164376

Trust: 0.1

db:VULMONid:CVE-2020-11765

Trust: 0.1

db:PACKETSTORMid:168903

Trust: 0.1

sources: VULHUB: VHN-164376 // VULMON: CVE-2020-11765 // PACKETSTORM: 168903 // PACKETSTORM: 163465 // PACKETSTORM: 157403 // CNNVD: CNNVD-202004-965 // CNNVD: CNNVD-202104-975 // JVNDB: JVNDB-2020-004075 // NVD: CVE-2020-11765

REFERENCES

url:https://usn.ubuntu.com/4339-1/

Trust: 1.9

url:https://security.gentoo.org/glsa/202107-27

Trust: 1.8

url:https://bugs.chromium.org/p/project-zero/issues/detail?id=1987

Trust: 1.8

url:https://github.com/academysoftwarefoundation/openexr/blob/master/changes.md#version-241-february-11-2020

Trust: 1.8

url:https://github.com/academysoftwarefoundation/openexr/releases/tag/v2.4.1

Trust: 1.8

url:https://support.apple.com/kb/ht211288

Trust: 1.7

url:https://support.apple.com/kb/ht211289

Trust: 1.7

url:https://support.apple.com/kb/ht211290

Trust: 1.7

url:https://support.apple.com/kb/ht211291

Trust: 1.7

url:https://support.apple.com/kb/ht211293

Trust: 1.7

url:https://support.apple.com/kb/ht211294

Trust: 1.7

url:https://support.apple.com/kb/ht211295

Trust: 1.7

url:https://www.debian.org/security/2020/dsa-4755

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-11765

Trust: 1.7

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/f4kfgdqg5pvyau7ts5mz7xcs6empvii3/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/f4kfgdqg5pvyau7ts5mz7xcs6empvii3/

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11765

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.2985/

Trust: 0.6

url:https://support.apple.com/en-us/ht211291

Trust: 0.6

url:https://packetstormsecurity.com/files/157403/ubuntu-security-notice-usn-4339-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1448/

Trust: 0.6

url:https://support.apple.com/en-us/ht211295

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1816/

Trust: 0.6

url:https://packetstormsecurity.com/files/163465/gentoo-linux-security-advisory-202107-27.html

Trust: 0.6

url:http://www.nsfocus.net/vulndb/50000

Trust: 0.6

url:https://vigilance.fr/vulnerability/openexr-multiple-vulnerabilities-32108

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071101

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-11758

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-11762

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-11761

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-11764

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-11760

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-15306

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-11759

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-11763

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-15305

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-9111

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/193.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444

Trust: 0.1

url:https://security-tracker.debian.org/tracker/openexr

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-9115

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-9113

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-9114

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3476

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3478

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20296

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3479

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15304

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3474

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3475

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3477

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-18444

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openexr/2.3.0-6ubuntu0.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openexr/2.2.0-10ubuntu2.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openexr/2.2.1-4.1ubuntu1.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openexr/2.2.0-11.1ubuntu1.2

Trust: 0.1

url:https://usn.ubuntu.com/4339-1

Trust: 0.1

sources: VULHUB: VHN-164376 // VULMON: CVE-2020-11765 // PACKETSTORM: 168903 // PACKETSTORM: 163465 // PACKETSTORM: 157403 // CNNVD: CNNVD-202004-965 // CNNVD: CNNVD-202104-975 // JVNDB: JVNDB-2020-004075 // NVD: CVE-2020-11765

CREDITS

Ubuntu

Trust: 0.7

sources: PACKETSTORM: 157403 // CNNVD: CNNVD-202004-965

SOURCES

db:VULHUBid:VHN-164376
db:VULMONid:CVE-2020-11765
db:PACKETSTORMid:168903
db:PACKETSTORMid:163465
db:PACKETSTORMid:157403
db:CNNVDid:CNNVD-202004-965
db:CNNVDid:CNNVD-202104-975
db:JVNDBid:JVNDB-2020-004075
db:NVDid:CVE-2020-11765

LAST UPDATE DATE

2026-06-19T21:26:55.220000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-164376date:2023-01-09T00:00:00
db:VULMONid:CVE-2020-11765date:2020-09-09T00:00:00
db:CNNVDid:CNNVD-202004-965date:2022-04-27T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:JVNDBid:JVNDB-2020-004075date:2020-05-07T00:00:00
db:NVDid:CVE-2020-11765date:2026-06-17T02:50:45.253

SOURCES RELEASE DATE

db:VULHUBid:VHN-164376date:2020-04-14T00:00:00
db:VULMONid:CVE-2020-11765date:2020-04-14T00:00:00
db:PACKETSTORMid:168903date:2020-08-28T19:12:00
db:PACKETSTORMid:163465date:2021-07-12T15:22:22
db:PACKETSTORMid:157403date:2020-04-27T15:19:30
db:CNNVDid:CNNVD-202004-965date:2020-04-14T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:JVNDBid:JVNDB-2020-004075date:2020-05-07T00:00:00
db:NVDid:CVE-2020-11765date:2020-04-14T23:15:12.560