CVE-2020-11760

CVE Database · CVE-2020-11760

CVE-2020-11760

· MEDIUMModified

CVSS v3.1

5.5

EPSS

1.81%

Published

Apr 14, 2020

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-125

Affected Products (42)

openexr · openexr (up to 2.4.1)vulnerable

fedoraproject · fedoravulnerable

canonical · ubuntu_linuxvulnerable

opensuse · leapvulnerable

debian · debian_linuxvulnerable

apple · icloud (up to 7.20)

References (20)

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html

Mailing ListThird Party Advisory

https://bugs.chromium.org/p/project-zero/issues/detail?id=1987

ExploitThird Party Advisory

https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020

Release NotesThird Party Advisory

https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1

Release NotesThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html

Mailing List

KEV Catalog EPSS Scores Vendors All CVEs

apple · icloud (up to 11.3)vulnerable

apple · itunes (up to 12.10.8)vulnerable

apple · ipados (up to 13.6)vulnerable

apple · iphone_os (up to 13.6)vulnerable

apple · mac_os_x (up to 10.15.6)vulnerable

apple · mac_os_x (up to 10.13.6)vulnerable

apple · mac_os_x (up to 10.14.6)vulnerable

apple · mac_os_xvulnerable

apple · tvos (up to 13.4.8)vulnerable

apple · watchos (up to 6.2.8)vulnerable

Third Party Advisory

https://usn.ubuntu.com/4339-1/

Third Party Advisory