CVE-2020-11765: Buffer Overflow
First published: Tue Apr 14 2020(Updated: )
An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.
Credit: Xingwei Lin Ant cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/openexr | 2.5.4-2+deb11u1 3.1.5-5 3.1.5-5.1 | |
| tvOS | <13.4.8 | 13.4.8 |
| macOS Catalina | <10.15.6 | 10.15.6 |
| macOS Mojave | ||
| macOS High Sierra | ||
| Apple iOS, iPadOS, and watchOS | <13.6 | 13.6 |
| Apple iOS, iPadOS, and watchOS | <13.6 | 13.6 |
| Apple iOS, iPadOS, and watchOS | <6.2.8 | 6.2.8 |
| OpenEXR | <2.4.1 | |
| Fedoraproject Fedora | =32 | |
| openSUSE | =15.1 | |
| Debian GNU/Linux | =9.0 | |
| Debian GNU/Linux | =10.0 | |
| Ubuntu Linux | =16.04 | |
| Ubuntu Linux | =18.04 | |
| Ubuntu Linux | =19.10 | |
| Ubuntu Linux | =20.04 | |
| Apple iCloud for Windows | <7.20 | |
| Apple iCloud for Windows | >=10.0<11.3 | |
| Apple iTunes for Windows | <12.10.8 | |
| Apple iOS, iPadOS, and watchOS | <13.6 | |
| iOS | <13.6 | |
| Apple iOS and macOS | >=10.13.0<10.13.6 | |
| Apple iOS and macOS | >=10.14.0<10.14.6 | |
| Apple iOS and macOS | >=10.15<10.15.6 | |
| Apple iOS and macOS | =10.13.6 | |
| Apple iOS and macOS | =10.13.6-security_update_2018-002 | |
| Apple iOS and macOS | =10.13.6-security_update_2018-003 | |
| Apple iOS and macOS | =10.13.6-security_update_2019-001 | |
| Apple iOS and macOS | =10.13.6-security_update_2019-002 | |
| Apple iOS and macOS | =10.13.6-security_update_2019-003 | |
| Apple iOS and macOS | =10.13.6-security_update_2019-004 | |
| Apple iOS and macOS | =10.13.6-security_update_2019-005 | |
| Apple iOS and macOS | =10.13.6-security_update_2019-006 | |
| Apple iOS and macOS | =10.13.6-security_update_2019-007 | |
| Apple iOS and macOS | =10.13.6-security_update_2020-001 | |
| Apple iOS and macOS | =10.13.6-security_update_2020-002 | |
| Apple iOS and macOS | =10.13.6-security_update_2020-003 | |
| Apple iOS and macOS | =10.13.6-supplemental_update | |
| Apple iOS and macOS | =10.14.6 | |
| Apple iOS and macOS | =10.14.6-security_update_2019-001 | |
| Apple iOS and macOS | =10.14.6-security_update_2019-002 | |
| Apple iOS and macOS | =10.14.6-security_update_2019-004 | |
| Apple iOS and macOS | =10.14.6-security_update_2019-005 | |
| Apple iOS and macOS | =10.14.6-security_update_2019-006 | |
| Apple iOS and macOS | =10.14.6-security_update_2019-007 | |
| Apple iOS and macOS | =10.14.6-security_update_2020-001 | |
| Apple iOS and macOS | =10.14.6-security_update_2020-002 | |
| Apple iOS and macOS | =10.14.6-security_update_2020-003 | |
| Apple iOS and macOS | =10.14.6-supplemental_update | |
| Apple iOS and macOS | =10.14.6-supplemental_update_2 | |
| tvOS | <13.4.8 | |
| Apple iOS, iPadOS, and watchOS | <6.2.8 | |
| Apple iCloud | <11.3 | 11.3 |
| Apple iCloud | <7.20 | 7.20 |
| Apple iTunes | <12.10.8 | 12.10.8 |
| Fedora | =32 | |
| Debian | =9.0 | |
| Debian | =10.0 | |
| Ubuntu | =16.04 | |
| Ubuntu | =18.04 | |
| Ubuntu | =19.10 | |
| Ubuntu | =20.04 |
Remedy
https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031
Remedy
https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
- https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020
- https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1
- https://usn.ubuntu.com/4339-1/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html
- https://www.debian.org/security/2020/dsa-4755
- https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html
- https://support.apple.com/kb/HT211288
- https://support.apple.com/kb/HT211289
- https://support.apple.com/kb/HT211290
- https://support.apple.com/kb/HT211291
- https://support.apple.com/kb/HT211293
- https://support.apple.com/kb/HT211294
- https://support.apple.com/kb/HT211295
- https://security.gentoo.org/glsa/202107-27
- https://launchpad.net/bugs/cve/CVE-2020-11765
- https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031
- https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a
- https://github.com/AcademySoftwareFoundation/openexr/commit/7f0c9e256f34cac5a31e9d9cce00ccc898f49f3b
- https://security-tracker.debian.org/tracker/CVE-2020-11765
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765
- https://nvd.nist.gov/vuln/detail/CVE-2020-11765
- https://ubuntu.com/security/CVE-2020-11765
- https://support.apple.com/en-us/HT211290 (Advisory)
- https://support.apple.com/en-us/HT211289 (Advisory)
- https://support.apple.com/en-us/HT211288 (Advisory)
- https://support.apple.com/en-us/HT211291 (Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/
- https://support.apple.com/en-us/HT211294 (Advisory)
- https://support.apple.com/en-us/HT211295 (Advisory)
- https://support.apple.com/kb/HT211294
- https://support.apple.com/en-us/HT211293 (Advisory)
- https://support.apple.com/kb/HT211293
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2020-9884
- CVE-2020-9889
- CVE-2020-9888
- CVE-2020-9890
- CVE-2020-9891
- CVE-2020-9907
- CVE-2020-9883
- CVE-2020-9865
- CVE-2020-9900
- CVE-2020-9980
- CVE-2020-9933
- CVE-2020-9914
- CVE-2020-27933
- CVE-2020-11758
- CVE-2020-11759
- CVE-2020-11760
- CVE-2020-11761
- CVE-2020-11762
- CVE-2020-11763
- CVE-2020-11764
- CVE-2020-11765
- CVE-2020-9871
- CVE-2020-9872
- CVE-2020-9874
- CVE-2020-9879
- CVE-2020-9936
- CVE-2020-9937
- CVE-2020-9919
- CVE-2020-9876
- CVE-2020-9873
- CVE-2020-9938
- CVE-2020-9984
- CVE-2020-9877
- CVE-2020-9875
- CVE-2019-14899
- CVE-2020-9909
- CVE-2020-9904
- CVE-2020-9863
- CVE-2020-9892
- CVE-2020-9902
- CVE-2020-9905
- CVE-2020-9926
- CVE-2020-9880
- CVE-2020-9878
- CVE-2020-9940
- CVE-2020-9868
- CVE-2020-9901
- CVE-2020-9894
- CVE-2020-9915
- CVE-2020-9925
- CVE-2020-9893
- CVE-2020-9895
- CVE-2020-9910
- CVE-2020-9916
- CVE-2020-9862
- CVE-2020-6514
- CVE-2020-9918
- CVE-2020-9927
- CVE-2020-9928
- CVE-2020-9929
- CVE-2020-9870
- CVE-2020-9866
- CVE-2020-9869
- CVE-2020-9949
- CVE-2020-9934
- CVE-2020-9799
- CVE-2020-9913
- CVE-2020-9887
- CVE-2020-9908
- CVE-2020-9990
- CVE-2020-9921
- CVE-2020-9924
- CVE-2020-9997
- CVE-2020-9994
- CVE-2020-9935
- CVE-2019-19906
- CVE-2020-9920
- CVE-2020-9922
- CVE-2020-9885
- CVE-2020-9881
- CVE-2020-9882
- CVE-2020-9985
- CVE-2020-12243
- CVE-2020-10878
- CVE-2020-12723
- CVE-2014-9512
- CVE-2020-9930
- CVE-2020-9939
- CVE-2020-9864
- CVE-2020-9854
- CVE-2019-20807
- CVE-2020-9898
- CVE-2020-9899
- CVE-2020-9906
- CVE-2020-9931
- CVE-2020-9923
- CVE-2020-9903
- CVE-2020-9911
- CVE-2020-9917
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2020-11765.
What software is affected by this vulnerability?
The affected software includes macOS Catalina, Mojave, High Sierra, iOS, iPadOS, watchOS, iCloud for Windows, tvOS, and iTunes for Windows.
What is the severity of CVE-2020-11765?
The severity of CVE-2020-11765 is not specified in the information provided.
How can I fix CVE-2020-11765?
To fix CVE-2020-11765, make sure to update your affected software to the latest version provided by Apple.
Where can I find more information about CVE-2020-11765?
You can find more information about CVE-2020-11765 in the references provided by Apple: [reference 1](https://support.apple.com/en-us/HT211289), [reference 2](https://support.apple.com/en-us/HT211295), [reference 3](https://support.apple.com/en-us/HT211288).
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/remedy
- agent/weakness
- agent/severity
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/usn-cve
- source/Ubuntu
- agent/event
- agent/first-publish-date
- agent/description
- agent/last-modified-date
- agent/trending
- agent/source
- collector/apple-support
- alias/CVE-2020-11759
- alias/CVE-2020-11760
- alias/CVE-2020-11761
- alias/CVE-2020-11762
- alias/CVE-2020-11763
- alias/CVE-2020-11764
- alias/CVE-2020-11765
- agent/software-canonical-lookup-request
- agent/author
- collector/nvd-cve
- source/NVD
- agent/references
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- package-manager/debian
- vendor/apple
- canonical/tvos
- canonical/macos catalina
- canonical/macos mojave
- canonical/macos high sierra
- canonical/apple ios, ipados, and watchos
- vendor/openexr
- canonical/openexr
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/32
- vendor/opensuse
- canonical/opensuse
- version/opensuse/15.1
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/9.0
- version/debian gnu/linux/10.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/16.04
- version/ubuntu linux/18.04
- version/ubuntu linux/19.10
- version/ubuntu linux/20.04
- canonical/apple icloud for windows
- version/apple icloud for windows/10.0
- canonical/apple itunes for windows
- canonical/ios
- canonical/apple ios and macos
- version/apple ios and macos/10.13.0
- version/apple ios and macos/10.14.0
- version/apple ios and macos/10.15
- version/apple ios and macos/10.13.6
- version/apple ios and macos/10.13.6-security_update_2018-002
- version/apple ios and macos/10.13.6-security_update_2018-003
- version/apple ios and macos/10.13.6-security_update_2019-001
- version/apple ios and macos/10.13.6-security_update_2019-002
- version/apple ios and macos/10.13.6-security_update_2019-003
- version/apple ios and macos/10.13.6-security_update_2019-004
- version/apple ios and macos/10.13.6-security_update_2019-005
- version/apple ios and macos/10.13.6-security_update_2019-006
- version/apple ios and macos/10.13.6-security_update_2019-007
- version/apple ios and macos/10.13.6-security_update_2020-001
- version/apple ios and macos/10.13.6-security_update_2020-002
- version/apple ios and macos/10.13.6-security_update_2020-003
- version/apple ios and macos/10.13.6-supplemental_update
- version/apple ios and macos/10.14.6
- version/apple ios and macos/10.14.6-security_update_2019-001
- version/apple ios and macos/10.14.6-security_update_2019-002
- version/apple ios and macos/10.14.6-security_update_2019-004
- version/apple ios and macos/10.14.6-security_update_2019-005
- version/apple ios and macos/10.14.6-security_update_2019-006
- version/apple ios and macos/10.14.6-security_update_2019-007
- version/apple ios and macos/10.14.6-security_update_2020-001
- version/apple ios and macos/10.14.6-security_update_2020-002
- version/apple ios and macos/10.14.6-security_update_2020-003
- version/apple ios and macos/10.14.6-supplemental_update
- version/apple ios and macos/10.14.6-supplemental_update_2
- canonical/apple icloud
- canonical/apple itunes
- canonical/fedora
- version/fedora/32
- canonical/debian
- version/debian/9.0
- version/debian/10.0
- canonical/ubuntu
- version/ubuntu/16.04
- version/ubuntu/18.04
- version/ubuntu/19.10
- version/ubuntu/20.04