{"id":"USN-4148-1","summary":"openexr vulnerabilities","details":"It was discovered that OpenEXR incorrectly handled certain malformed EXR\nimage files. If a user were tricked into opening a crafted EXR image file,\na remote attacker could cause a denial of service, or possibly execute\narbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-12596)\n\nBrandon Perry discovered that OpenEXR incorrectly handled certain malformed\nEXR image files. If a user were tricked into opening a crafted EXR image\nfile, a remote attacker could cause a denial of service, or possibly\nexecute arbitrary code. This issue only affected Ubuntu 16.04 LTS.\n(CVE-2017-9110, CVE-2017-9112, CVE-2017-9116)\n\nBrandon Perry discovered that OpenEXR incorrectly handled certain malformed\nEXR image files. If a user were tricked into opening a crafted EXR image\nfile, a remote attacker could cause a denial of service, or possibly\nexecute arbitrary code. (CVE-2017-9111, CVE-2017-9113, CVE-2017-9115)\n\nTan Jie discovered that OpenEXR incorrectly handled certain malformed EXR\nimage files. If a user were tricked into opening a crafted EXR image file,\na remote attacker could cause a denial of service, or possibly execute\narbitrary code. (CVE-2018-18444)\n","modified":"2026-02-10T04:41:39Z","published":"2019-10-07T11:22:21Z","related":["UBUNTU-CVE-2017-12596","UBUNTU-CVE-2017-9110","UBUNTU-CVE-2017-9111","UBUNTU-CVE-2017-9112","UBUNTU-CVE-2017-9113","UBUNTU-CVE-2017-9115","UBUNTU-CVE-2017-9116","UBUNTU-CVE-2018-18444"],"upstream":["CVE-2017-12596","CVE-2017-9110","CVE-2017-9111","CVE-2017-9112","CVE-2017-9113","CVE-2017-9115","CVE-2017-9116","CVE-2018-18444","UBUNTU-CVE-2017-12596","UBUNTU-CVE-2017-9110","UBUNTU-CVE-2017-9111","UBUNTU-CVE-2017-9112","UBUNTU-CVE-2017-9113","UBUNTU-CVE-2017-9115","UBUNTU-CVE-2017-9116","UBUNTU-CVE-2018-18444"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4148-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-9110"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-9111"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-9112"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-9113"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-9115"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-9116"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-12596"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-18444"}],"affected":[{"package":{"name":"openexr","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/openexr@2.2.0-10ubuntu2.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.0-10ubuntu2.1"}]}],"versions":["2.2.0-1ubuntu3","2.2.0-7ubuntu1","2.2.0-9ubuntu1","2.2.0-10ubuntu2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.2.0-10ubuntu2.1","binary_name":"libopenexr-dev"},{"binary_version":"2.2.0-10ubuntu2.1","binary_name":"libopenexr22"},{"binary_version":"2.2.0-10ubuntu2.1","binary_name":"openexr"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4148-1.json","cves_map":{"cves":[{"id":"CVE-2017-9110","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2017-9111","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2017-9112","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2017-9113","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2017-9115","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2017-9116","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2017-12596","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-18444","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]}],"ecosystem":"Ubuntu:16.04:LTS"}}},{"package":{"name":"openexr","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/openexr@2.2.0-11.1ubuntu1.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.0-11.1ubuntu1.1"}]}],"versions":["2.2.0-11ubuntu1","2.2.0-11.1ubuntu1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.2.0-11.1ubuntu1.1","binary_name":"libopenexr-dev"},{"binary_version":"2.2.0-11.1ubuntu1.1","binary_name":"libopenexr22"},{"binary_version":"2.2.0-11.1ubuntu1.1","binary_name":"openexr"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4148-1.json","cves_map":{"cves":[{"id":"CVE-2017-9111","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2017-9113","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2017-9115","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-18444","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]}],"ecosystem":"Ubuntu:18.04:LTS"}}}],"schema_version":"1.7.3"}