Unrated severity · NVD Advisory · Published Dec 9, 2020 · Updated Aug 4, 2024
CVE-2020-16589
Description
A heap-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.
Affected products (10)
- Academy Software Foundation/OpenEXR
- osv-coords (8 versions)
  - pkg:rpm/opensuse/openexr&distro=openSUSE%20Leap%2015.1 (no CPE), range: < 2.2.1-lp151.4.15.1
  - pkg:rpm/opensuse/openexr&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 2.2.1-lp152.7.8.1
  - pkg:rpm/suse/openexr&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1 (no CPE), range: < 2.2.1-3.21.1
  - pkg:rpm/suse/openexr&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2 (no CPE), range: < 2.2.1-3.21.1
  - pkg:rpm/suse/openexr&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 2.1.0-6.26.1
  - pkg:rpm/suse/openexr&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 2.1.0-6.26.1
  - pkg:rpm/suse/openexr&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 2.1.0-6.26.1
  - pkg:rpm/suse/openexr&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 (no CPE), range: < 2.1.0-6.26.1
References (3)
News mentions (0)
No linked articles in our index yet.