Home

CVE-2020-11758

Description

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.642

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities fixed in Apple iTunes (X64) (12.10.8.5)Windows
Multiple vulnerabilities fixed in Apple iTunes (12.10.8.5)Windows
Multiple vulnerabilities fixed in iCloud 11.3Windows
Multiple vulnerabilities fixed in iCloud (7.20.0.17)Windows
Multiple Vulnerabilities are affected in Apple iTunes (X64) 12.10.7Windows
Multiple Vulnerabilities are affected in Apple iTunes 12.10.7Windows
Multiple vulnerabilities are fixed in MacOS Catalina 10.15.6Mac
Multiple vulnerabilities are fixed in macOS Catalina 10.15.6 Combo UpdateMac
Multiple Vulnerabilities are affected in Apple iTunes For Mac 12.10.7Mac
tools for the OpenEXR image format (USN-4339-1) openexr_2.3.0-6ubuntu0.1_i386.debLinux
tools for the OpenEXR image format (USN-4339-1) openexr_2.3.0-6ubuntu0.1_amd64.debLinux
tools for the OpenEXR image format (USN-4339-1) openexr_2.2.0-10ubuntu2.2_i386.debLinux
tools for the OpenEXR image format (USN-4339-1) openexr_2.2.0-10ubuntu2.2_amd64.debLinux
tools for the OpenEXR image format (USN-4339-1) openexr_2.2.1-4.1ubuntu1.1_i386.debLinux
tools for the OpenEXR image format (USN-4339-1) openexr_2.2.1-4.1ubuntu1.1_amd64.debLinux
tools for the OpenEXR image format (USN-4339-1) openexr_2.2.0-11.1ubuntu1.2_i386.debLinux
tools for the OpenEXR image format (USN-4339-1) openexr_2.2.0-11.1ubuntu1.2_amd64.debLinux
tools for the OpenEXR image format (USN-4339-1) libopenexr22_2.2.0-10ubuntu2.2_i386.debLinux
tools for the OpenEXR image format (USN-4339-1) libopenexr22_2.2.0-10ubuntu2.2_amd64.debLinux
tools for the OpenEXR image format (USN-4339-1) libopenexr22_2.2.0-11.1ubuntu1.2_i386.debLinux
tools for the OpenEXR image format (USN-4339-1) libopenexr22_2.2.0-11.1ubuntu1.2_amd64.debLinux
tools for the OpenEXR image format (USN-4339-1) libopenexr23_2.2.1-4.1ubuntu1.1_i386.debLinux
tools for the OpenEXR image format (USN-4339-1) libopenexr23_2.2.1-4.1ubuntu1.1_amd64.debLinux
tools for the OpenEXR image format (USN-4339-1) libopenexr24_2.3.0-6ubuntu0.1_i386.debLinux
tools for the OpenEXR image format (USN-4339-1) libopenexr24_2.3.0-6ubuntu0.1_amd64.debLinux
SUSE-SU-2020:1292-1(SUSE Linux Enterprise Server 12-SP5 ) libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64.rpmLinux
SUSE-SU-2020:1292-1(SUSE Linux Enterprise Server 12-SP4 ) libIlmImf-Imf_2_1-21-2.1.0-6.20.1.x86_64_SP4.rpmLinux
SUSE-SU-2020:1292-1(SUSE Linux Enterprise Server 12-SP5 ) libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.20.1.x86_64.rpmLinux
SUSE-SU-2020:1292-1(SUSE Linux Enterprise Server 12-SP4 ) libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.20.1.x86_64_SP4.rpmLinux
SUSE-SU-2020:1292-1(SUSE Linux Enterprise Server 12-SP4 ) openexr-2.1.0-6.20.1.x86_64.rpmLinux
SUSE-SU-2020:1292-1(SUSE Linux Enterprise Server 12-SP5 ) openexr-2.1.0-6.20.1.x86_64_SP5.rpmLinux
SUSE-SU-2020:1292-1(SUSE Linux Enterprise Server 12-SP4 ) openexr-debuginfo-2.1.0-6.20.1.x86_64.rpmLinux
SUSE-SU-2020:1292-1(SUSE Linux Enterprise Server 12-SP5 ) openexr-debuginfo-2.1.0-6.20.1.x86_64_SP5.rpmLinux
SUSE-SU-2020:1292-1(SUSE Linux Enterprise Server 12-SP4 ) openexr-debugsource-2.1.0-6.20.1.x86_64.rpmLinux
SUSE-SU-2020:1292-1(SUSE Linux Enterprise Server 12-SP5 ) openexr-debugsource-2.1.0-6.20.1.x86_64_SP5.rpmLinux
openexr security update(DSA-4755-1) openexr_2.2.1-4.1+deb10u1_i386.debLinux
openexr security update(DSA-4755-1) openexr_2.2.1-4.1+deb10u1_amd64.debLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-315306Apple iTunes (X64) (12.10.8.5)
PATCH-315305Apple iTunes (12.10.8.5)
PATCH-316162iCloud (7.21.0.23) (Deployment-Only)
PATCH-315452iCloud (7.20.0.17)
PATCH-602673MacOS Catalina 10.15.7 - Auto Reboot
PATCH-602674macOS Catalina 10.15.7 Combo Update - Auto Reboot

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234