Cloud Foundry Logo
blog single gear
Blog
Security Advisory

USN-4339-1: OpenEXR vulnerabilities

by: May 14, 2020

USN-4339-1: OpenEXR vulnerabilities

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 18.04

Description

Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2017-9111, CVE-2017-9113, CVE-2017-9115)

Tan Jie discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2018-18444)

Samuel Groß discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764)

It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service. (CVE-2020-11765)

CVEs contained in this USN include: CVE-2017-9111, CVE-2017-9113, CVE-2017-9115, CVE-2018-18444, CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764, CVE-2020-11765.

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

  • cflinuxfs3
    • All versions prior to 0.177.0
  • CF Deployment
    • All versions prior to v13.0.0

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

  • cflinuxfs3
    • Upgrade All versions to 0.177.0 or greater
  • CF Deployment
    • Upgrade All versions to v13.0.0 or greater

History

2020-04-27: Initial vulnerability report published.

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES

You Might Also Like

USN-5807-1: libXpm vulnerabilities
Security Advisory

USN-5807-1: libXpm vulnerabilities

by Cloud Foundry Foundation Security Team February 24, 2023
CVE-2019-11277: Volume Services is vulnerable to an LDAP injection attack
Security Advisory

CVE-2019-11277: Volume Services is vulnerable to an LDAP injection attack

by Cloud Foundry Foundation Security Team September 23, 2019
USN-2868-1 DHCP vulnerability
Security Advisory

USN-2868-1 DHCP vulnerability

by Cloud Foundry Foundation Security Team January 19, 2016
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept