Bug 633418 (CVE-2017-14988)

Summary: media-libs/openexr: denial of service via a crafted file that is accessed with the ImfOpenInputFile function
Product: Gentoo Security
Reporter: Aleksandr Wagner (Kivak) <alwag>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED INVALID
Severity: minor
CC: media-video
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://github.com/openexr/openexr/issues/248
See Also: https://github.com/gentoo/gentoo/pull/9729
Whiteboard: B3 [upstream cve]
Package list:
Runtime testing required: ---

Description Aleksandr Wagner (Kivak) 2017-10-04 00:14:45 UTC
CVE-2017-14988 (https://nvd.nist.gov/vuln/detail/CVE-2017-14988):

Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp.

References:

https://github.com/openexr/openexr/issues/248