Unrated severity · NVD Advisory · Published Jul 31, 2009 · Updated Apr 23, 2026
CVE-2009-1720
Description
Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information.
Affected products: 2
Patches: 0
No patches discovered yet.
References (23)
- release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff [nvd, Patch]
- security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz [nvd, Patch]
- security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz [nvd, Patch]
- www.debian.org/security/2009/dsa-1842 [nvd, Patch]
- www.securityfocus.com/bid/35838 [nvd, Patch]
- secunia.com/advisories/36030 [nvd, Vendor Advisory]
- secunia.com/advisories/36032 [nvd, Vendor Advisory]
- www.vupen.com/english/advisories/2009/2035 [nvd, Vendor Advisory]
- www.us-cert.gov/cas/techalerts/TA09-218A.html [nvd, US Government Resource]
- lists.apple.com/archives/security-announce/2009/Aug/msg00001.html [nvd]
- lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html [nvd]
- secunia.com/advisories/36096 [nvd]
- secunia.com/advisories/36123 [nvd]
- secunia.com/advisories/36753 [nvd]
- support.apple.com/kb/HT3757 [nvd]
- www.mandriva.com/security/advisories [nvd]
- www.mandriva.com/security/advisories [nvd]
- www.securitytracker.com/id [nvd]
- www.ubuntu.com/usn/USN-831-1 [nvd]
- www.vupen.com/english/advisories/2009/2172 [nvd]
- github.com/openexr/openexr/blob/master/CHANGES.md [nvd]
- www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html [nvd]
- www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html [nvd]