CVE-2020-15304
Gentoo Linux Security Advisory 202107-27
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.
Se detectó un problema en OpenEXR versiones anteriores a v2.5.2. Un archivo de entrada de mosaico no válido podría provocar un acceso de la memoria no válido en la función TiledInputFile::TiledInputFile() en el archivo IlmImf/ImfTiledInputFile.cpp, como es demostrado por una desreferencia del puntero NULL
An update that fixes three vulnerabilities is now available. This update for openexr fixes the following issues. Fixed a NULL pointer dereference in TiledInputFile:TiledInputFile. Fixed a use-after-free in DeepScanLineInputFile:DeepScanLineInputFile. Fixed a heap buffer overflow in getChunkOffsetTableSize. This update was imported from the SUSE:SLE-15:Update update project.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-06-26 CVE Reserved
- 2020-06-26 CVE Published
- 2024-08-04 CVE Updated
- 2025-05-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md | Release Notes | |
| https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md | Third Party Advisory | |
| https://github.com/AcademySoftwareFoundation/openexr/pull/727 | Third Party Advisory | |
| https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2 | Release Notes |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openexr Search vendor "Openexr" | Openexr Search vendor "Openexr" for product "Openexr" | < 2.5.2 Search vendor "Openexr" for product "Openexr" and version " < 2.5.2" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 31 Search vendor "Fedoraproject" for product "Fedora" and version "31" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 32 Search vendor "Fedoraproject" for product "Fedora" and version "32" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.2 Search vendor "Opensuse" for product "Leap" and version "15.2" | - |
Affected
| ||||||