makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact.

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - OpenEXR: Out-of-bounds write in makeMultiView.cpp (CVE-2018-18444)

  - OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by     exrmultiview. (CVE-2018-18443)

  - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in     ImfOptimizedPixelReading.h. (CVE-2020-11758)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

This plugin has been deprecated as it does not adhere to established standards for this style of check.

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4339-1 advisory.

    Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user     were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or     possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2017-9111,     CVE-2017-9113, CVE-2017-9115)

    Tan Jie discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were     tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or     possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2018-18444)

    Samuel Gro discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were     tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or     possibly execute arbitrary code. (CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761,     CVE-2020-11762, CVE-2020-11763, CVE-2020-11764)

    It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were     tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service.
    (CVE-2020-11765)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Cary Phillips reports :

OpenEXR (IlmBase) v2.4.0 fixes the following security vulnerabilities :

- CVE-2018-18444 Issue #351 Out of Memory

- CVE-2018-18443 Issue #350 heap-buffer-overflow

The relevant patches have been backported to the FreeBSD ports.

This update backports fixes for CVE-2018-18443 and CVE-2018-18444.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4148-1 advisory.

    It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were     tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or     possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-12596)

    Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user     were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or     possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-9110, CVE-2017-9112,     CVE-2017-9116)

    Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user     were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or     possibly execute arbitrary code. (CVE-2017-9111, CVE-2017-9113, CVE-2017-9115)

    Tan Jie discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were     tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or     possibly execute arbitrary code. (CVE-2018-18444)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

This update for openexr fixes the following issues :

Security issue fixed :

CVE-2017-9111: Fixed an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h (bsc#1040109).

CVE-2017-9113: Fixed an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp (bsc#1040113).

CVE-2017-9115: Fixed an invalid write of size 2 in the = operator function inhalf.h (bsc#1040115).

CVE-2018-18444: Fixed Out-of-bounds write in makeMultiView.cpp (bsc#1113455).

CVE-2017-9112: Fixed invalid read of size 1 in the getBits function in ImfHuf.cpp (bsc#1040112).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for openexr fixes the following issues :

Security issue fixed :

  - CVE-2018-18444: Fixed Out-of-bounds write in     makeMultiView.cpp (bsc#1113455).

This update was imported from the SUSE:SLE-15:Update update project.

This update for openexr fixes the following issues :

Security issue fixed :

CVE-2018-18444: Fixed Out-of-bounds write in makeMultiView.cpp (bsc#1113455).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
199439	RHEL 8 : openexr (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	high
196102	RHEL 8 : openexr (Unpatched Vulnerability) (deprecated)	Nessus	Red Hat Local Security Checks	high
136028	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : OpenEXR vulnerabilities (USN-4339-1)	Nessus	Ubuntu Local Security Checks	high
132429	FreeBSD : OpenEXR -- heap buffer overflow, and out-of-memory bugs (e4d9dffb-2a32-11ea-9693-e1b3f6feec79)	Nessus	FreeBSD Local Security Checks	high
131205	Fedora 30 : mingw-OpenEXR (2019-ce3385517b)	Nessus	Fedora Local Security Checks	high
131199	Fedora 31 : mingw-OpenEXR / mingw-ilmbase (2019-5b062c4a3b)	Nessus	Fedora Local Security Checks	high
129712	Ubuntu 16.04 LTS / 18.04 LTS : OpenEXR vulnerabilities (USN-4148-1)	Nessus	Ubuntu Local Security Checks	high
127039	SUSE SLED12 / SLES12 Security Update : openexr (SUSE-SU-2019:1962-1)	Nessus	SuSE Local Security Checks	high
124292	openSUSE Security Update : openexr (openSUSE-2019-1265)	Nessus	SuSE Local Security Checks	high
124109	SUSE SLED15 / SLES15 Security Update : openexr (SUSE-SU-2019:0954-1)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2018-18444

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high