Home

CVE-2020-11761

Description

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.576

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities fixed in Apple iTunes (X64) (12.10.8.5)Windows
Multiple vulnerabilities fixed in Apple iTunes (12.10.8.5)Windows
Multiple vulnerabilities fixed in iCloud 11.3Windows
Multiple vulnerabilities fixed in iCloud (7.20.0.17)Windows
Multiple Vulnerabilities are affected in Apple iTunes (X64) 12.10.7Windows
Multiple Vulnerabilities are affected in Apple iTunes 12.10.7Windows
Multiple vulnerabilities are fixed in MacOS Catalina 10.15.6Mac
Multiple vulnerabilities are fixed in macOS Catalina 10.15.6 Combo UpdateMac
Multiple Vulnerabilities are affected in Apple iTunes For Mac 12.10.7Mac
tools for the OpenEXR image format (USN-4339-1) openexr_2.3.0-6ubuntu0.1_i386.debLinux
tools for the OpenEXR image format (USN-4339-1) openexr_2.3.0-6ubuntu0.1_amd64.debLinux
tools for the OpenEXR image format (USN-4339-1) openexr_2.2.0-10ubuntu2.2_i386.debLinux
tools for the OpenEXR image format (USN-4339-1) openexr_2.2.0-10ubuntu2.2_amd64.debLinux
tools for the OpenEXR image format (USN-4339-1) openexr_2.2.1-4.1ubuntu1.1_i386.debLinux
tools for the OpenEXR image format (USN-4339-1) openexr_2.2.1-4.1ubuntu1.1_amd64.debLinux
tools for the OpenEXR image format (USN-4339-1) openexr_2.2.0-11.1ubuntu1.2_i386.debLinux
tools for the OpenEXR image format (USN-4339-1) openexr_2.2.0-11.1ubuntu1.2_amd64.debLinux
tools for the OpenEXR image format (USN-4339-1) libopenexr22_2.2.0-10ubuntu2.2_i386.debLinux
tools for the OpenEXR image format (USN-4339-1) libopenexr22_2.2.0-10ubuntu2.2_amd64.debLinux
tools for the OpenEXR image format (USN-4339-1) libopenexr22_2.2.0-11.1ubuntu1.2_i386.debLinux
tools for the OpenEXR image format (USN-4339-1) libopenexr22_2.2.0-11.1ubuntu1.2_amd64.debLinux
tools for the OpenEXR image format (USN-4339-1) libopenexr23_2.2.1-4.1ubuntu1.1_i386.debLinux
tools for the OpenEXR image format (USN-4339-1) libopenexr23_2.2.1-4.1ubuntu1.1_amd64.debLinux
tools for the OpenEXR image format (USN-4339-1) libopenexr24_2.3.0-6ubuntu0.1_i386.debLinux
tools for the OpenEXR image format (USN-4339-1) libopenexr24_2.3.0-6ubuntu0.1_amd64.debLinux
openexr security update(DSA-4755-1) openexr_2.2.1-4.1+deb10u1_i386.debLinux
openexr security update(DSA-4755-1) openexr_2.2.1-4.1+deb10u1_amd64.debLinux
(RHSA-2020:4039) OpenEXR security update OpenEXR-1.7.1-8.el7.x86_64.rpmLinux
(RHSA-2020:4039) OpenEXR security update OpenEXR-devel-1.7.1-8.el7.i686.rpmLinux
(RHSA-2020:4039) OpenEXR security update OpenEXR-devel-1.7.1-8.el7.x86_64.rpmLinux
(RHSA-2020:4039) OpenEXR security update OpenEXR-libs-1.7.1-8.el7.i686.rpmLinux
(RHSA-2020:4039) OpenEXR security update OpenEXR-libs-1.7.1-8.el7.x86_64.rpmLinux
(CESA-2020:4039) OpenEXR security update OpenEXR-1.7.1-8.el7.x86_64.rpmLinux
(CESA-2020:4039) OpenEXR security update OpenEXR-devel-1.7.1-8.el7.x86_64.rpmLinux
(CESA-2020:4039) OpenEXR security update OpenEXR-libs-1.7.1-8.el7.x86_64.rpmLinux
(RHSA-2020:4039)Moderate: security update OpenEXR-debuginfo-1.7.1-8.el7.i686.rpmLinux
(RHSA-2020:4039)Moderate: security update OpenEXR-debuginfo-1.7.1-8.el7.x86_64.rpmLinux
OpenEXR-libs update (ELSA-2020-4039) OpenEXR-libs-1.7.1-8.el7.i686.rpmLinux
OpenEXR-libs update (ELSA-2020-4039) OpenEXR-libs-1.7.1-8.el7.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-315306Apple iTunes (X64) (12.10.8.5)
PATCH-315305Apple iTunes (12.10.8.5)
PATCH-316162iCloud (7.21.0.23) (Deployment-Only)
PATCH-315452iCloud (7.20.0.17)
PATCH-602673MacOS Catalina 10.15.7 - Auto Reboot
PATCH-602674macOS Catalina 10.15.7 Combo Update - Auto Reboot

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234