CVE-2020-11764: Buffer Overflow
First published: Tue Apr 14 2020(Updated: )
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
Credit: Xingwei Lin Ant cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/openexr | 2.5.4-2+deb11u1 3.1.5-5 3.1.5-5.1 | |
| tvOS | <13.4.8 | 13.4.8 |
| macOS Catalina | <10.15.6 | 10.15.6 |
| macOS Mojave | ||
| macOS High Sierra | ||
| Apple iOS, iPadOS, and watchOS | <13.6 | 13.6 |
| Apple iOS, iPadOS, and watchOS | <13.6 | 13.6 |
| Apple iOS, iPadOS, and watchOS | <6.2.8 | 6.2.8 |
| Apple iCloud | <11.3 | 11.3 |
| Apple iCloud | <7.20 | 7.20 |
| OpenEXR | <2.4.1 | |
| Fedora | =32 | |
| Ubuntu | =16.04 | |
| Ubuntu | =18.04 | |
| Ubuntu | =19.10 | |
| Ubuntu | =20.04 | |
| SUSE Linux | =15.1 | |
| Debian | =9.0 | |
| Debian | =10.0 | |
| iCloud for Windows | <7.20 | |
| iCloud for Windows | >=10.0<11.3 | |
| iTunes | <12.10.8 | |
| Apple iOS, iPadOS, and watchOS | <13.6 | |
| iStyle @cosme iPhone OS | <13.6 | |
| Apple iOS and macOS | >=10.13.0<10.13.6 | |
| Apple iOS and macOS | >=10.14.0<10.14.6 | |
| Apple iOS and macOS | >=10.15<10.15.6 | |
| Apple iOS and macOS | =10.13.6 | |
| Apple iOS and macOS | =10.13.6-security_update_2018-002 | |
| Apple iOS and macOS | =10.13.6-security_update_2018-003 | |
| Apple iOS and macOS | =10.13.6-security_update_2019-001 | |
| Apple iOS and macOS | =10.13.6-security_update_2019-002 | |
| Apple iOS and macOS | =10.13.6-security_update_2019-003 | |
| Apple iOS and macOS | =10.13.6-security_update_2019-004 | |
| Apple iOS and macOS | =10.13.6-security_update_2019-005 | |
| Apple iOS and macOS | =10.13.6-security_update_2019-006 | |
| Apple iOS and macOS | =10.13.6-security_update_2019-007 | |
| Apple iOS and macOS | =10.13.6-security_update_2020-001 | |
| Apple iOS and macOS | =10.13.6-security_update_2020-002 | |
| Apple iOS and macOS | =10.13.6-security_update_2020-003 | |
| Apple iOS and macOS | =10.14.6 | |
| Apple iOS and macOS | =10.14.6-security_update_2019-001 | |
| Apple iOS and macOS | =10.14.6-security_update_2019-002 | |
| Apple iOS and macOS | =10.14.6-security_update_2019-004 | |
| Apple iOS and macOS | =10.14.6-security_update_2019-005 | |
| Apple iOS and macOS | =10.14.6-security_update_2019-006 | |
| Apple iOS and macOS | =10.14.6-security_update_2019-007 | |
| Apple iOS and macOS | =10.14.6-security_update_2020-001 | |
| Apple iOS and macOS | =10.14.6-security_update_2020-002 | |
| Apple iOS and macOS | =10.14.6-security_update_2020-003 | |
| tvOS | <13.4.8 | |
| Apple iOS, iPadOS, and watchOS | <6.2.8 | |
| iTunes | <12.10.8 | 12.10.8 |
Remedy
https://github.com/AcademySoftwareFoundation/openexr/commit/e7c26f6ef5bf7ae8ea21ecf19963186cd1391720
Remedy
https://github.com/AcademySoftwareFoundation/openexr/commit/a6408c90339bdf19f89476578d7f936b741be9b2
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
- https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020
- https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1
- https://usn.ubuntu.com/4339-1/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html
- https://www.debian.org/security/2020/dsa-4755
- https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html
- https://support.apple.com/kb/HT211288
- https://support.apple.com/kb/HT211289
- https://support.apple.com/kb/HT211290
- https://support.apple.com/kb/HT211291
- https://support.apple.com/kb/HT211293
- https://support.apple.com/kb/HT211294
- https://support.apple.com/kb/HT211295
- https://security.gentoo.org/glsa/202107-27
- https://launchpad.net/bugs/cve/CVE-2020-11764
- https://github.com/AcademySoftwareFoundation/openexr/commit/e7c26f6ef5bf7ae8ea21ecf19963186cd1391720
- https://github.com/AcademySoftwareFoundation/openexr/commit/a6408c90339bdf19f89476578d7f936b741be9b2
- https://github.com/AcademySoftwareFoundation/openexr/commit/6bad53af7eebed507564dd5fc90320e4c6a6c0bc
- https://security-tracker.debian.org/tracker/CVE-2020-11764
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764
- https://nvd.nist.gov/vuln/detail/CVE-2020-11764
- https://ubuntu.com/security/CVE-2020-11764
- https://support.apple.com/en-us/HT211290 (Advisory)
- https://support.apple.com/en-us/HT211289 (Advisory)
- https://support.apple.com/en-us/HT211288 (Advisory)
- https://support.apple.com/en-us/HT211291 (Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/
- https://support.apple.com/en-us/HT211294 (Advisory)
- https://support.apple.com/en-us/HT211295 (Advisory)
- https://support.apple.com/kb/HT211294
- https://support.apple.com/en-us/HT211293 (Advisory)
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2020-9884
- CVE-2020-9889
- CVE-2020-9888
- CVE-2020-9890
- CVE-2020-9891
- CVE-2020-9907
- CVE-2020-9883
- CVE-2020-9865
- CVE-2020-9900
- CVE-2020-9980
- CVE-2020-9933
- CVE-2020-9914
- CVE-2020-27933
- CVE-2020-11758
- CVE-2020-11759
- CVE-2020-11760
- CVE-2020-11761
- CVE-2020-11762
- CVE-2020-11763
- CVE-2020-11764
- CVE-2020-11765
- CVE-2020-9871
- CVE-2020-9872
- CVE-2020-9874
- CVE-2020-9879
- CVE-2020-9936
- CVE-2020-9937
- CVE-2020-9919
- CVE-2020-9876
- CVE-2020-9873
- CVE-2020-9938
- CVE-2020-9984
- CVE-2020-9877
- CVE-2020-9875
- CVE-2019-14899
- CVE-2020-9909
- CVE-2020-9904
- CVE-2020-9863
- CVE-2020-9892
- CVE-2020-9902
- CVE-2020-9905
- CVE-2020-9926
- CVE-2020-9880
- CVE-2020-9878
- CVE-2020-9940
- CVE-2020-9868
- CVE-2020-9901
- CVE-2020-9894
- CVE-2020-9915
- CVE-2020-9925
- CVE-2020-9893
- CVE-2020-9895
- CVE-2020-9910
- CVE-2020-9916
- CVE-2020-9862
- CVE-2020-6514
- CVE-2020-9918
- CVE-2020-9927
- CVE-2020-9928
- CVE-2020-9929
- CVE-2020-9870
- CVE-2020-9866
- CVE-2020-9869
- CVE-2020-9949
- CVE-2020-9934
- CVE-2020-9799
- CVE-2020-9913
- CVE-2020-9887
- CVE-2020-9908
- CVE-2020-9990
- CVE-2020-9921
- CVE-2020-9924
- CVE-2020-9997
- CVE-2020-9994
- CVE-2020-9935
- CVE-2019-19906
- CVE-2020-9920
- CVE-2020-9922
- CVE-2020-9885
- CVE-2020-9881
- CVE-2020-9882
- CVE-2020-9985
- CVE-2020-12243
- CVE-2020-10878
- CVE-2020-12723
- CVE-2014-9512
- CVE-2020-9930
- CVE-2020-9939
- CVE-2020-9864
- CVE-2020-9854
- CVE-2019-20807
- CVE-2020-9898
- CVE-2020-9899
- CVE-2020-9906
- CVE-2020-9931
- CVE-2020-9923
- CVE-2020-9903
- CVE-2020-9911
- CVE-2020-9917
Frequently Asked Questions
What is CVE-2020-11764?
CVE-2020-11764 is a vulnerability in ImageIO that allows attackers to execute arbitrary code or cause a denial of service.
Which software versions are affected by CVE-2020-11764?
macOS Catalina 10.15.6, Mojave, High Sierra, iOS up to version 13.6, iPadOS up to version 13.6, watchOS up to version 6.2.8, iCloud for Windows up to version 7.20, tvOS up to version 13.4.8, and iTunes for Windows up to version 12.10.8 are affected by CVE-2020-11764.
What is the severity of CVE-2020-11764?
The severity of CVE-2020-11764 is high.
How can I fix CVE-2020-11764?
Update your software to the latest version available from Apple's official website.
Where can I find more information about CVE-2020-11764?
You can find more information about CVE-2020-11764 on Apple's official support page: [https://support.apple.com/en-us/HT211289](https://support.apple.com/en-us/HT211289).
- agent/type
- agent/remedy
- collector/launchpad-cve
- source/Launchpad
- agent/severity
- agent/weakness
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/usn-cve
- source/Ubuntu
- agent/event
- agent/first-publish-date
- agent/description
- agent/last-modified-date
- agent/trending
- agent/source
- collector/apple-support
- alias/CVE-2020-11759
- alias/CVE-2020-11760
- alias/CVE-2020-11761
- alias/CVE-2020-11762
- alias/CVE-2020-11763
- alias/CVE-2020-11764
- alias/CVE-2020-11765
- agent/software-canonical-lookup-request
- agent/author
- collector/nvd-index
- agent/references
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- package-manager/debian
- vendor/apple
- canonical/tvos
- canonical/macos catalina
- canonical/macos mojave
- canonical/macos high sierra
- canonical/apple ios, ipados, and watchos
- canonical/apple icloud
- vendor/openexr
- canonical/openexr
- vendor/fedoraproject
- canonical/fedora
- version/fedora/32
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/16.04
- version/ubuntu/18.04
- version/ubuntu/19.10
- version/ubuntu/20.04
- vendor/opensuse
- canonical/suse linux
- version/suse linux/15.1
- vendor/debian
- canonical/debian
- version/debian/9.0
- version/debian/10.0
- canonical/icloud for windows
- version/icloud for windows/10.0
- canonical/itunes
- canonical/istyle @cosme iphone os
- canonical/apple ios and macos
- version/apple ios and macos/10.13.0
- version/apple ios and macos/10.14.0
- version/apple ios and macos/10.15
- version/apple ios and macos/10.13.6
- version/apple ios and macos/10.13.6-security_update_2018-002
- version/apple ios and macos/10.13.6-security_update_2018-003
- version/apple ios and macos/10.13.6-security_update_2019-001
- version/apple ios and macos/10.13.6-security_update_2019-002
- version/apple ios and macos/10.13.6-security_update_2019-003
- version/apple ios and macos/10.13.6-security_update_2019-004
- version/apple ios and macos/10.13.6-security_update_2019-005
- version/apple ios and macos/10.13.6-security_update_2019-006
- version/apple ios and macos/10.13.6-security_update_2019-007
- version/apple ios and macos/10.13.6-security_update_2020-001
- version/apple ios and macos/10.13.6-security_update_2020-002
- version/apple ios and macos/10.13.6-security_update_2020-003
- version/apple ios and macos/10.14.6
- version/apple ios and macos/10.14.6-security_update_2019-001
- version/apple ios and macos/10.14.6-security_update_2019-002
- version/apple ios and macos/10.14.6-security_update_2019-004
- version/apple ios and macos/10.14.6-security_update_2019-005
- version/apple ios and macos/10.14.6-security_update_2019-006
- version/apple ios and macos/10.14.6-security_update_2019-007
- version/apple ios and macos/10.14.6-security_update_2020-001
- version/apple ios and macos/10.14.6-security_update_2020-002
- version/apple ios and macos/10.14.6-security_update_2020-003