First published: Tue Apr 14 2020(Updated: )
An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.
Credit: Xingwei Lin AntXingwei Lin AntXingwei Lin AntXingwei Lin AntXingwei Lin AntXingwei Lin AntXingwei Lin AntXingwei Lin Ant cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iCloud for Windows | <11.3 | 11.3 |
Apple iTunes for Windows | <12.10.8 | 12.10.8 |
Apple iCloud for Windows | <7.20 | 7.20 |
Apple macOS Catalina | <10.15.6 | 10.15.6 |
Apple Mojave | ||
Apple High Sierra | ||
Apple watchOS | <6.2.8 | 6.2.8 |
Apple tvOS | <13.4.8 | 13.4.8 |
debian/openexr | 2.2.1-4.1+deb10u1 2.2.1-4.1+deb10u2 2.5.4-2+deb11u1 3.1.5-5 3.1.5-5.1 | |
Apple iOS | <13.6 | 13.6 |
Apple iPadOS | <13.6 | 13.6 |
ubuntu/openexr | <2.2.0-11.1ubuntu1.2 | 2.2.0-11.1ubuntu1.2 |
ubuntu/openexr | <2.2.1-4.1ubuntu1.1 | 2.2.1-4.1ubuntu1.1 |
ubuntu/openexr | <2.3.0-6ubuntu0.1 | 2.3.0-6ubuntu0.1 |
ubuntu/openexr | <2.2.0-10ubuntu2.2 | 2.2.0-10ubuntu2.2 |
Openexr Openexr | <2.4.1 | |
Fedoraproject Fedora | =32 | |
openSUSE Leap | =15.1 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.10 | |
Canonical Ubuntu Linux | =20.04 | |
Apple Icloud Windows | <7.20 | |
Apple Icloud Windows | >=10.0<11.3 | |
Apple Itunes Windows | <12.10.8 | |
Apple iPadOS | <13.6 | |
Apple iPhone OS | <13.6 | |
Apple Mac OS X | >=10.13.0<10.13.6 | |
Apple Mac OS X | >=10.14.0<10.14.6 | |
Apple Mac OS X | >=10.15<10.15.6 | |
Apple Mac OS X | =10.13.6 | |
Apple Mac OS X | =10.13.6-security_update_2018-002 | |
Apple Mac OS X | =10.13.6-security_update_2018-003 | |
Apple Mac OS X | =10.13.6-security_update_2019-001 | |
Apple Mac OS X | =10.13.6-security_update_2019-002 | |
Apple Mac OS X | =10.13.6-security_update_2019-003 | |
Apple Mac OS X | =10.13.6-security_update_2019-004 | |
Apple Mac OS X | =10.13.6-security_update_2019-005 | |
Apple Mac OS X | =10.13.6-security_update_2019-006 | |
Apple Mac OS X | =10.13.6-security_update_2019-007 | |
Apple Mac OS X | =10.13.6-security_update_2020-001 | |
Apple Mac OS X | =10.13.6-security_update_2020-002 | |
Apple Mac OS X | =10.13.6-security_update_2020-003 | |
Apple Mac OS X | =10.13.6-supplemental_update | |
Apple Mac OS X | =10.14.6 | |
Apple Mac OS X | =10.14.6-security_update_2019-001 | |
Apple Mac OS X | =10.14.6-security_update_2019-002 | |
Apple Mac OS X | =10.14.6-security_update_2019-004 | |
Apple Mac OS X | =10.14.6-security_update_2019-005 | |
Apple Mac OS X | =10.14.6-security_update_2019-006 | |
Apple Mac OS X | =10.14.6-security_update_2019-007 | |
Apple Mac OS X | =10.14.6-security_update_2020-001 | |
Apple Mac OS X | =10.14.6-security_update_2020-002 | |
Apple Mac OS X | =10.14.6-security_update_2020-003 | |
Apple Mac OS X | =10.14.6-supplemental_update | |
Apple Mac OS X | =10.14.6-supplemental_update_2 | |
Apple tvOS | <13.4.8 | |
Apple watchOS | <6.2.8 |
https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031
https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
The vulnerability ID of this issue is CVE-2020-11765.
The affected software includes macOS Catalina, Mojave, High Sierra, iOS, iPadOS, watchOS, iCloud for Windows, tvOS, and iTunes for Windows.
The severity of CVE-2020-11765 is not specified in the information provided.
To fix CVE-2020-11765, make sure to update your affected software to the latest version provided by Apple.
You can find more information about CVE-2020-11765 in the references provided by Apple: [reference 1](https://support.apple.com/en-us/HT211289), [reference 2](https://support.apple.com/en-us/HT211295), [reference 3](https://support.apple.com/en-us/HT211288).