CVE-2017-12596 Information

Description

In OpenEXR 2.2.0 a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

https://github.com/openexr/openexr/issues/238 https://github.com/openexr/openexr/releases/tag/v2.3.0 https://github.com/xiaoqx/pocs/blob/master/openexr.md https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html https://usn.ubuntu.com/4148-1/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8