CVE-2009-1721

Severity

68%

Complexity

86%

Confidentiality

106%

The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.

The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 15 years ago

2009-07-31 19:00:00

Last updated 12 years ago

2012-10-23 03:06:00

Affected Software

OpenEXR 1.2.2

1.2.2

References

APPLE-SA-2009-08-05-1

SUSE-SR:2009:014

http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff

Patch

36030

Vendor Advisory

36032

Vendor Advisory

36096

36123

36753

http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz

Patch

http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz

Patch

http://support.apple.com/kb/HT3757

DSA-1842

MDVSA-2009:190

MDVSA-2009:191

35838

Patch

1022674

USN-831-1

TA09-218A

US Government Resource

ADV-2009-2035

Vendor Advisory

ADV-2009-2172

FEDORA-2009-8132

FEDORA-2009-8136

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.