CVE-2018-18444
Ubuntu Security Notice USN-4339-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact.
makeMultiView.cpp en exrmultiview en OpenEXR 2.3.0 tiene una escritura fuera de límites, lo que conduce a un fallo de aserción o, posiblemente, a otro tipo de impacto sin especificar.
Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. Tan Jie discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-10-17 CVE Reserved
- 2018-10-17 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://github.com/openexr/openexr/releases/tag/v2.4.0 | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://github.com/openexr/openexr/issues/351 | 2024-08-05 |
| URL | Date | SRC |
|---|