Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 627226 (CVE-2017-12596)

Summary: <media-libs/openexr-2.3.0: denial of service in hufDecode function (CVE-2017-12596)
Product: Gentoo Security Reporter: Aleksandr Wagner (Kivak) <alwag>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: normal CC: media-video
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also:
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 620324    
Bug Blocks:    

Description Aleksandr Wagner (Kivak) 2017-08-07 08:04:01 UTC
CVE-2017-12596 (

In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.