CVE-2020-11765: Buffer Overflow
First published: Tue Apr 14 2020(Updated: )
An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.
Credit: Xingwei Lin AntXingwei Lin AntXingwei Lin AntXingwei Lin AntXingwei Lin AntXingwei Lin AntXingwei Lin AntXingwei Lin Ant cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iCloud for Windows | <11.3 | 11.3 |
| Apple iTunes for Windows | <12.10.8 | 12.10.8 |
| Apple iCloud for Windows | <7.20 | 7.20 |
| Apple macOS Catalina | <10.15.6 | 10.15.6 |
| Apple Mojave | ||
| Apple High Sierra | ||
| Apple watchOS | <6.2.8 | 6.2.8 |
| Apple tvOS | <13.4.8 | 13.4.8 |
| debian/openexr | 2.2.1-4.1+deb10u1 2.2.1-4.1+deb10u2 2.5.4-2+deb11u1 3.1.5-5 3.1.5-5.1 | |
| Apple iOS | <13.6 | 13.6 |
| Apple iPadOS | <13.6 | 13.6 |
| ubuntu/openexr | <2.2.0-11.1ubuntu1.2 | 2.2.0-11.1ubuntu1.2 |
| ubuntu/openexr | <2.2.1-4.1ubuntu1.1 | 2.2.1-4.1ubuntu1.1 |
| ubuntu/openexr | <2.3.0-6ubuntu0.1 | 2.3.0-6ubuntu0.1 |
| ubuntu/openexr | <2.2.0-10ubuntu2.2 | 2.2.0-10ubuntu2.2 |
| Openexr Openexr | <2.4.1 | |
| Fedoraproject Fedora | =32 | |
| openSUSE Leap | =15.1 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =19.10 | |
| Canonical Ubuntu Linux | =20.04 | |
| Apple Icloud Windows | <7.20 | |
| Apple Icloud Windows | >=10.0<11.3 | |
| Apple Itunes Windows | <12.10.8 | |
| Apple iPadOS | <13.6 | |
| Apple iPhone OS | <13.6 | |
| Apple Mac OS X | >=10.13.0<10.13.6 | |
| Apple Mac OS X | >=10.14.0<10.14.6 | |
| Apple Mac OS X | >=10.15<10.15.6 | |
| Apple Mac OS X | =10.13.6 | |
| Apple Mac OS X | =10.13.6-security_update_2018-002 | |
| Apple Mac OS X | =10.13.6-security_update_2018-003 | |
| Apple Mac OS X | =10.13.6-security_update_2019-001 | |
| Apple Mac OS X | =10.13.6-security_update_2019-002 | |
| Apple Mac OS X | =10.13.6-security_update_2019-003 | |
| Apple Mac OS X | =10.13.6-security_update_2019-004 | |
| Apple Mac OS X | =10.13.6-security_update_2019-005 | |
| Apple Mac OS X | =10.13.6-security_update_2019-006 | |
| Apple Mac OS X | =10.13.6-security_update_2019-007 | |
| Apple Mac OS X | =10.13.6-security_update_2020-001 | |
| Apple Mac OS X | =10.13.6-security_update_2020-002 | |
| Apple Mac OS X | =10.13.6-security_update_2020-003 | |
| Apple Mac OS X | =10.13.6-supplemental_update | |
| Apple Mac OS X | =10.14.6 | |
| Apple Mac OS X | =10.14.6-security_update_2019-001 | |
| Apple Mac OS X | =10.14.6-security_update_2019-002 | |
| Apple Mac OS X | =10.14.6-security_update_2019-004 | |
| Apple Mac OS X | =10.14.6-security_update_2019-005 | |
| Apple Mac OS X | =10.14.6-security_update_2019-006 | |
| Apple Mac OS X | =10.14.6-security_update_2019-007 | |
| Apple Mac OS X | =10.14.6-security_update_2020-001 | |
| Apple Mac OS X | =10.14.6-security_update_2020-002 | |
| Apple Mac OS X | =10.14.6-security_update_2020-003 | |
| Apple Mac OS X | =10.14.6-supplemental_update | |
| Apple Mac OS X | =10.14.6-supplemental_update_2 | |
| Apple tvOS | <13.4.8 | |
| Apple watchOS | <6.2.8 |
Remedy
https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031
Remedy
https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT211294 (Advisory)
- https://support.apple.com/kb/HT211294
- https://support.apple.com/en-us/HT211293 (Advisory)
- https://support.apple.com/kb/HT211293
- https://support.apple.com/en-us/HT211295 (Advisory)
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
- https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020
- https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1
- https://usn.ubuntu.com/4339-1/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html
- https://www.debian.org/security/2020/dsa-4755
- https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html
- https://support.apple.com/kb/HT211288
- https://support.apple.com/kb/HT211289
- https://support.apple.com/kb/HT211290
- https://support.apple.com/kb/HT211291
- https://support.apple.com/kb/HT211295
- https://security.gentoo.org/glsa/202107-27
- https://launchpad.net/bugs/cve/CVE-2020-11765
- https://support.apple.com/en-us/HT211289 (Advisory)
- https://support.apple.com/en-us/HT211291 (Advisory)
- https://support.apple.com/en-us/HT211290 (Advisory)
- https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031
- https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a
- https://github.com/AcademySoftwareFoundation/openexr/commit/7f0c9e256f34cac5a31e9d9cce00ccc898f49f3b
- https://security-tracker.debian.org/tracker/CVE-2020-11765
- https://support.apple.com/en-us/HT211288 (Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/
- https://ubuntu.com/security/notices/USN-4339-1
- https://www.cve.org/CVERecord?id=CVE-2020-11765
- https://nvd.nist.gov/vuln/detail/CVE-2020-11765
- https://ubuntu.com/security/CVE-2020-11765
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2020-9883
- CVE-2020-27933
- CVE-2020-11758
- CVE-2020-11759
- CVE-2020-11760
- CVE-2020-11761
- CVE-2020-11762
- CVE-2020-11763
- CVE-2020-11764
- CVE-2020-11765
- CVE-2020-9871
- CVE-2020-9872
- CVE-2020-9874
- CVE-2020-9879
- CVE-2020-9936
- CVE-2020-9937
- CVE-2020-9873
- CVE-2020-9938
- CVE-2020-9984
- CVE-2020-9919
- CVE-2020-9876
- CVE-2020-9877
- CVE-2020-9875
- CVE-2020-9926
- CVE-2020-9894
- CVE-2020-9915
- CVE-2020-9925
- CVE-2020-9893
- CVE-2020-9895
- CVE-2020-9910
- CVE-2020-9916
- CVE-2020-9862
- CVE-2020-9927
- CVE-2020-9884
- CVE-2020-9889
- CVE-2020-9888
- CVE-2020-9890
- CVE-2020-9891
- CVE-2020-9928
- CVE-2020-9929
- CVE-2020-9870
- CVE-2020-9866
- CVE-2020-9869
- CVE-2020-9949
- CVE-2020-9934
- CVE-2020-9865
- CVE-2020-9900
- CVE-2020-9980
- CVE-2020-9799
- CVE-2020-9913
- CVE-2020-9887
- CVE-2020-9908
- CVE-2020-9990
- CVE-2020-9921
- CVE-2019-14899
- CVE-2020-9904
- CVE-2020-9924
- CVE-2020-9892
- CVE-2020-9863
- CVE-2020-9902
- CVE-2020-9905
- CVE-2020-9997
- CVE-2020-9994
- CVE-2020-9935
- CVE-2019-19906
- CVE-2020-9920
- CVE-2020-9922
- CVE-2020-9885
- CVE-2020-9878
- CVE-2020-9880
- CVE-2020-9881
- CVE-2020-9882
- CVE-2020-9940
- CVE-2020-9985
- CVE-2020-12243
- CVE-2020-10878
- CVE-2020-12723
- CVE-2014-9512
- CVE-2020-9930
- CVE-2020-9939
- CVE-2020-9864
- CVE-2020-9868
- CVE-2020-9854
- CVE-2020-9901
- CVE-2019-20807
- CVE-2020-9898
- CVE-2020-9918
- CVE-2020-9899
- CVE-2020-9906
- CVE-2020-9933
- CVE-2020-9923
- CVE-2020-9909
- CVE-2020-6514
- CVE-2020-9907
- CVE-2020-9914
- CVE-2020-9931
- CVE-2020-9903
- CVE-2020-9911
- CVE-2020-9917
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2020-11765.
What software is affected by this vulnerability?
The affected software includes macOS Catalina, Mojave, High Sierra, iOS, iPadOS, watchOS, iCloud for Windows, tvOS, and iTunes for Windows.
What is the severity of CVE-2020-11765?
The severity of CVE-2020-11765 is not specified in the information provided.
How can I fix CVE-2020-11765?
To fix CVE-2020-11765, make sure to update your affected software to the latest version provided by Apple.
Where can I find more information about CVE-2020-11765?
You can find more information about CVE-2020-11765 in the references provided by Apple: [reference 1](https://support.apple.com/en-us/HT211289), [reference 2](https://support.apple.com/en-us/HT211295), [reference 3](https://support.apple.com/en-us/HT211288).
- collector/apple-support
- alias/CVE-2020-11759
- alias/CVE-2020-11760
- alias/CVE-2020-11761
- alias/CVE-2020-11762
- alias/CVE-2020-11763
- alias/CVE-2020-11764
- alias/CVE-2020-11765
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/launchpad-cve
- source/Launchpad
- agent/remedy
- agent/software-canonical-lookup-request
- agent/author
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/event
- agent/weakness
- agent/severity
- agent/description
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/tags
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- vendor/apple
- canonical/apple icloud for windows
- canonical/apple itunes for windows
- canonical/apple macos catalina
- canonical/apple mojave
- canonical/apple high sierra
- canonical/apple watchos
- canonical/apple tvos
- package-manager/debian
- canonical/apple ios
- canonical/apple ipados
- package-manager/ubuntu
- vendor/openexr
- canonical/openexr openexr
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/32
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/19.10
- version/canonical ubuntu linux/20.04
- canonical/apple icloud windows
- version/apple icloud windows/10.0
- canonical/apple itunes windows
- canonical/apple iphone os
- canonical/apple mac os x
- version/apple mac os x/10.13.0
- version/apple mac os x/10.14.0
- version/apple mac os x/10.15
- version/apple mac os x/10.13.6
- version/apple mac os x/10.13.6-security_update_2018-002
- version/apple mac os x/10.13.6-security_update_2018-003
- version/apple mac os x/10.13.6-security_update_2019-001
- version/apple mac os x/10.13.6-security_update_2019-002
- version/apple mac os x/10.13.6-security_update_2019-003
- version/apple mac os x/10.13.6-security_update_2019-004
- version/apple mac os x/10.13.6-security_update_2019-005
- version/apple mac os x/10.13.6-security_update_2019-006
- version/apple mac os x/10.13.6-security_update_2019-007
- version/apple mac os x/10.13.6-security_update_2020-001
- version/apple mac os x/10.13.6-security_update_2020-002
- version/apple mac os x/10.13.6-security_update_2020-003
- version/apple mac os x/10.13.6-supplemental_update
- version/apple mac os x/10.14.6
- version/apple mac os x/10.14.6-security_update_2019-001
- version/apple mac os x/10.14.6-security_update_2019-002
- version/apple mac os x/10.14.6-security_update_2019-004
- version/apple mac os x/10.14.6-security_update_2019-005
- version/apple mac os x/10.14.6-security_update_2019-006
- version/apple mac os x/10.14.6-security_update_2019-007
- version/apple mac os x/10.14.6-security_update_2020-001
- version/apple mac os x/10.14.6-security_update_2020-002
- version/apple mac os x/10.14.6-security_update_2020-003
- version/apple mac os x/10.14.6-supplemental_update
- version/apple mac os x/10.14.6-supplemental_update_2