LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

openexr: several vulnerabilities

Package(s):openexr CVE #(s):CVE-2009-1720 CVE-2009-1721 CVE-2009-1722
Created:July 28, 2009 Updated:December 8, 2009
Description: From the Debian advisory: Several vulnerabilities have been discovered in the OpenEXR image library, which can lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

Drew Yao discovered integer overflows in the preview and compression code. (CVE-2009-1720)

Drew Yao discovered that an uninitialised pointer could be freed in the decompression code. (CVE-2009-1721)

A buffer overflow was discovered in the compression code. (CVE-2009-1722)

Alerts:
Mandriva MDVSA-2009:191-1 2009-12-08
Ubuntu USN-831-1 2009-09-14
SuSE SUSE-SR:2009:014 2009-09-01
Mandriva MDVSA-2009:191 2009-08-02
Mandriva MDVSA-2009:190 2009-08-02
Fedora FEDORA-2009-8132 2009-07-31
Fedora FEDORA-2009-8136 2009-07-31
Debian DSA-1842-1 2009-07-28
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds