English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.10.2021.0015
Categoría:Mageia Linux Local Security Checks
Título:Mageia: Security Advisory (MGASA-2021-0015)
Resumen:The remote host is missing an update for the 'openexr' package(s) announced via the MGASA-2021-0015 advisory.
Descripción:Summary:
The remote host is missing an update for the 'openexr' package(s) announced via the MGASA-2021-0015 advisory.

Vulnerability Insight:
An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file
could cause invalid memory access in TiledInputFile::TiledInputFile() in
IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference
(CVE-2020-15304).

An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a
use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in
IlmImf/ImfDeepScanLineInputFile.cpp (CVE-2020-15305).

An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes
could cause a heap buffer overflow in getChunkOffsetTableSize() in
IlmImf/ImfMisc.cpp (CVE-2020-15306).

A heap-based buffer overflow vulnerability exists in Academy Software
Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in
ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR
file (CVE-2020-16587).

A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR
2.3.0 in generatePreview in makePreview.cpp that can cause a denial of
service via a crafted EXR file (CVE-2020-16588).

A head-based buffer overflow exists in Academy Software Foundation OpenEXR
2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of
service via a crafted EXR file (CVE-2020-16589).

Affected Software/OS:
'openexr' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-15304
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/
https://security.gentoo.org/glsa/202107-27
https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md
https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md
https://github.com/AcademySoftwareFoundation/openexr/pull/727
https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2
SuSE Security Announcement: openSUSE-SU-2020:0970 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html
SuSE Security Announcement: openSUSE-SU-2020:1015 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-15305
Debian Security Information: DSA-4755 (Google Search)
https://www.debian.org/security/2020/dsa-4755
https://github.com/AcademySoftwareFoundation/openexr/pull/730
https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html
https://usn.ubuntu.com/4418-1/
Common Vulnerability Exposure (CVE) ID: CVE-2020-15306
https://github.com/AcademySoftwareFoundation/openexr/pull/738
Common Vulnerability Exposure (CVE) ID: CVE-2020-16587
https://github.com/AcademySoftwareFoundation/openexr/commit/8b5370c688a7362673c3a5256d93695617a4cd9a
https://github.com/AcademySoftwareFoundation/openexr/issues/491
https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html
https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-16588
https://github.com/AcademySoftwareFoundation/openexr/commit/74504503cff86e986bac441213c403b0ba28d58f
https://github.com/AcademySoftwareFoundation/openexr/issues/493
Common Vulnerability Exposure (CVE) ID: CVE-2020-16589
https://github.com/AcademySoftwareFoundation/openexr/commit/6bb36714528a9563dd3b92720c5063a1284b86f8
https://github.com/AcademySoftwareFoundation/openexr/issues/494
CopyrightCopyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.