Nixpkgs security tracker
6.5 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): Required (R)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): High (H)
by @LeSuisse Activity log
- Created suggestion
-
@LeSuisse
ignored
3 packages
- openexrid-unstable
- haskellPackages.openexr-write
- openexr_2
- @LeSuisse accepted
- @LeSuisse published on GitHub
OpenEXR has heap-buffer-overflow via signed integer underflow in ImfContextInit.cpp
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow (OOB read) occurs in the `istream_nonparallel_read` function in `ImfContextInit.cpp` when parsing a malformed EXR file through a memory-mapped `IStream`. A signed integer subtraction produces a negative value that is implicitly converted to `size_t`, resulting in a massive length being passed to `memcpy`. Versions 3.3.7 and 3.4.5 contain a patch.
References
Affected products
- ==>= 3.4.0, < 3.4.5
- ==>= 3.3.0, < 3.3.7
Matching in nixpkgs
Ignored packages (3)
pkgs.openexr_2
High dynamic-range (HDR) image file format
pkgs.openexrid-unstable
OpenEXR files able to isolate any object of a CG image with a perfect antialiazing
-
nixos-unstable 2017-09-17
- nixpkgs-unstable 2017-09-17
- nixos-unstable-small 2017-09-17
pkgs.haskellPackages.openexr-write
Library for writing images in OpenEXR HDR file format
Package maintainers
-
@paperdigits Mica Semrick <mica@silentumbrella.com>