Details of VAR-202004-0475

ID

VAR-202004-0475

CVE

CVE-2020-11765

TITLE

OpenEXR Vulnerability in determining boundary conditions in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004075

DESCRIPTION

An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read. OpenEXR There is a vulnerability in determining boundary conditions.Service operation interruption (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A security vulnerability exists in LIM OpenEXR versions prior to 2.4.1. An attacker could exploit this vulnerability to crash the application or obtain information. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202107-27 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenEXR: Multiple vulnerabilities Date: July 11, 2021 Bugs: #717474, #746794, #762862, #770229, #776808 ID: 202107-27 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenEXR, the worst of which could result in the arbitrary execution of code. Background ========== OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/openexr < 2.5.6 >= 2.5.6 Description =========== Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenEXR users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/openexr-2.5.6" References ========== [ 1 ] CVE-2020-11758 https://nvd.nist.gov/vuln/detail/CVE-2020-11758 [ 2 ] CVE-2020-11759 https://nvd.nist.gov/vuln/detail/CVE-2020-11759 [ 3 ] CVE-2020-11760 https://nvd.nist.gov/vuln/detail/CVE-2020-11760 [ 4 ] CVE-2020-11761 https://nvd.nist.gov/vuln/detail/CVE-2020-11761 [ 5 ] CVE-2020-11762 https://nvd.nist.gov/vuln/detail/CVE-2020-11762 [ 6 ] CVE-2020-11763 https://nvd.nist.gov/vuln/detail/CVE-2020-11763 [ 7 ] CVE-2020-11764 https://nvd.nist.gov/vuln/detail/CVE-2020-11764 [ 8 ] CVE-2020-11765 https://nvd.nist.gov/vuln/detail/CVE-2020-11765 [ 9 ] CVE-2020-15304 https://nvd.nist.gov/vuln/detail/CVE-2020-15304 [ 10 ] CVE-2020-15305 https://nvd.nist.gov/vuln/detail/CVE-2020-15305 [ 11 ] CVE-2020-15306 https://nvd.nist.gov/vuln/detail/CVE-2020-15306 [ 12 ] CVE-2021-20296 https://nvd.nist.gov/vuln/detail/CVE-2021-20296 [ 13 ] CVE-2021-3474 https://nvd.nist.gov/vuln/detail/CVE-2021-3474 [ 14 ] CVE-2021-3475 https://nvd.nist.gov/vuln/detail/CVE-2021-3475 [ 15 ] CVE-2021-3476 https://nvd.nist.gov/vuln/detail/CVE-2021-3476 [ 16 ] CVE-2021-3477 https://nvd.nist.gov/vuln/detail/CVE-2021-3477 [ 17 ] CVE-2021-3478 https://nvd.nist.gov/vuln/detail/CVE-2021-3478 [ 18 ] CVE-2021-3479 https://nvd.nist.gov/vuln/detail/CVE-2021-3479 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202107-27 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-4339-1 April 27, 2020 openexr vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 - Ubuntu 19.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in OpenEXR. Software Description: - openexr: tools for the OpenEXR image format Details: Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2017-9111, CVE-2017-9113, CVE-2017-9115) Tan Jie discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2018-18444) Samuel Groß discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764) It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service. (CVE-2020-11765) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04: libopenexr24 2.3.0-6ubuntu0.1 openexr 2.3.0-6ubuntu0.1 Ubuntu 19.10: libopenexr23 2.2.1-4.1ubuntu1.1 openexr 2.2.1-4.1ubuntu1.1 Ubuntu 18.04 LTS: libopenexr22 2.2.0-11.1ubuntu1.2 openexr 2.2.0-11.1ubuntu1.2 Ubuntu 16.04 LTS: libopenexr22 2.2.0-10ubuntu2.2 openexr 2.2.0-10ubuntu2.2 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4339-1 CVE-2017-9111, CVE-2017-9113, CVE-2017-9115, CVE-2018-18444, CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764, CVE-2020-11765 Package Information: https://launchpad.net/ubuntu/+source/openexr/2.3.0-6ubuntu0.1 https://launchpad.net/ubuntu/+source/openexr/2.2.1-4.1ubuntu1.1 https://launchpad.net/ubuntu/+source/openexr/2.2.0-11.1ubuntu1.2 https://launchpad.net/ubuntu/+source/openexr/2.2.0-10ubuntu2.2 . For the stable distribution (buster), these problems have been fixed in version 2.2.1-4.1+deb10u1. We recommend that you upgrade your openexr packages. For the detailed security status of openexr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openexr Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9KkM8ACgkQEMKTtsN8 TjYiCxAAqny8A+WbtYBonQ42ciQ2Hc1f90CI6l1Gp/ZK7RARL7+cLOHTh+hEniIG G6cwDGAwAgOtNPer+bT8Mwx6gF8bTii3nF5MMhiN22L7buzHruxsqpC+g94MeZHW vn6GpkTCPSHW5m4+O3pwrYDK3lr5ucNwPVegcXqtJuG0SrhY9VyTrtmzwtoP0YVx ANOpJhCLNEU5vIdEpzIfdjAoM6nsGG/FDN5sP2B9sEB69s7dQXAX5ksuu4Rg71bo W7OjAWB+1MIuFT2blax4Z0qD9Nuiy252AM9MAzMmdBPsFnix0/E2lmyd2OGknUkY l+sq61TR7pA7AVbtLpLBy2fKFS/Jj1KTFI6J+GmZiOBGAzHrWevjyclYBRI0exVg zKnI2IdO9f0qdeTiZhtAcSEV8hb1mSoo0fPRM0ZGxdMV0MTNeOmj+doTTw+SlSJK 3iyKUDgRy60JjQMq8gBaPSRl6tuTjEdFzbJLsFPvZVY5vQsy4KIuh024RrEjri0c R2oLvboIS2xddK+T/9NPc15vruZiUut0j/3EsBqbDn3hBXMpQb0NFv0kuC+uvmwZ UgxRA32shnjcUES8+TBqeB+cvMnukTlOfqQEY2VNhG//45gcQH6rEcf45W07XTGD djd3v06+rkeUhfuZHL9OAOj2BowTrp9CRooWT1dufPPUkL1aoUY= =FDcC -----END PGP SIGNATURE-----

Trust: 2.61

sources: NVD: CVE-2020-11765 // JVNDB: JVNDB-2020-004075 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-164376 // VULMON: CVE-2020-11765 // PACKETSTORM: 163465 // PACKETSTORM: 157403 // PACKETSTORM: 168903

AFFECTED PRODUCTS

vendor:	apple	model:	itunes	scope:	lt	version:	12.10.8	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	7.20	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	13.4.8	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.6	Trust: 1.0
vendor:	openexr	model:	openexr	scope:	lt	version:	2.4.1	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	13.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.14.6	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	13.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.15	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.13.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.14.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	20.04	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.13.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	19.10	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	32	Trust: 1.0
vendor:	apple	model:	icloud	scope:	gte	version:	10.0	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	6.2.8	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	11.3	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	openexr	model:	openexr	scope:	eq	version:	2.4.1	Trust: 0.8
vendor:	openexr	model:	openexr	scope:	eq	version:	1.0.4	Trust: 0.1
vendor:	openexr	model:	openexr	scope:	eq	version:	1.0.7	Trust: 0.1
vendor:	openexr	model:	openexr	scope:	eq	version:	1.1.0	Trust: 0.1
vendor:	openexr	model:	openexr	scope:	eq	version:	1.1.1	Trust: 0.1
vendor:	openexr	model:	openexr	scope:	eq	version:	1.2.1	Trust: 0.1
vendor:	openexr	model:	openexr	scope:	eq	version:	1.2.2	Trust: 0.1
vendor:	openexr	model:	openexr	scope:	eq	version:	1.3.0	Trust: 0.1
vendor:	openexr	model:	openexr	scope:	eq	version:	1.3.1	Trust: 0.1
vendor:	openexr	model:	openexr	scope:	eq	version:	1.3.2	Trust: 0.1
vendor:	openexr	model:	openexr	scope:	eq	version:	1.4.0	Trust: 0.1
vendor:	openexr	model:	openexr	scope:	eq	version:	1.7.0	Trust: 0.1
vendor:	openexr	model:	openexr	scope:	eq	version:	1.7.1	Trust: 0.1
vendor:	openexr	model:	openexr	scope:	eq	version:	2.0.0	Trust: 0.1
vendor:	openexr	model:	openexr	scope:	eq	version:	2.0.1	Trust: 0.1
vendor:	openexr	model:	openexr	scope:	eq	version:	2.1.0	Trust: 0.1
vendor:	openexr	model:	openexr	scope:	eq	version:	2.2.0	Trust: 0.1
vendor:	openexr	model:	openexr	scope:	eq	version:	2.2.1	Trust: 0.1
vendor:	openexr	model:	openexr	scope:	eq	version:	2.3.0	Trust: 0.1
vendor:	openexr	model:	openexr	scope:	eq	version:	2.4.0	Trust: 0.1

sources: VULMON: CVE-2020-11765 // JVNDB: JVNDB-2020-004075 // NVD: CVE-2020-11765

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-11765
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-004075
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202004-965
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-164376
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-11765
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-11765
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-004075
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-164376
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-11765
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-004075
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-164376 // VULMON: CVE-2020-11765 // JVNDB: JVNDB-2020-004075 // CNNVD: CNNVD-202004-965 // CNNVD: CNNVD-202104-975 // NVD: CVE-2020-11765

PROBLEMTYPE DATA

problemtype:	CWE-193	Trust: 1.9
problemtype:	CWE-125	Trust: 1.1

sources: VULHUB: VHN-164376 // JVNDB: JVNDB-2020-004075 // NVD: CVE-2020-11765

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-965

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202004-965 // CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004075

PATCH

title:	OpenEXR Release Notes	url:	https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020	Trust: 0.8
title:	AcademySoftwareFoundation/openexr	url:	https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1	Trust: 0.8
title:	Industrial Light and Magic OpenEXR Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115984	Trust: 0.6
title:	Debian CVElist Bug Report Logs: openexr: CVE-2020-11758 CVE-2020-11759 CVE-2020-11760 CVE-2020-11761 CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=c611c9f78ad3458919de1d9728e6b32b	Trust: 0.1
title:	Ubuntu Security Notice: openexr vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4339-1	Trust: 0.1

sources: VULMON: CVE-2020-11765 // JVNDB: JVNDB-2020-004075 // CNNVD: CNNVD-202004-965

EXTERNAL IDS

db:	NVD	id:	CVE-2020-11765	Trust: 2.9
db:	PACKETSTORM	id:	163465	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-004075	Trust: 0.8
db:	CNNVD	id:	CNNVD-202004-965	Trust: 0.7
db:	PACKETSTORM	id:	157403	Trust: 0.7
db:	CS-HELP	id:	SB2021071101	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1816	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1448	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2985	Trust: 0.6
db:	NSFOCUS	id:	50000	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CNVD	id:	CNVD-2020-24158	Trust: 0.1
db:	VULHUB	id:	VHN-164376	Trust: 0.1
db:	VULMON	id:	CVE-2020-11765	Trust: 0.1
db:	PACKETSTORM	id:	168903	Trust: 0.1

sources: VULHUB: VHN-164376 // VULMON: CVE-2020-11765 // JVNDB: JVNDB-2020-004075 // PACKETSTORM: 163465 // PACKETSTORM: 157403 // PACKETSTORM: 168903 // CNNVD: CNNVD-202004-965 // CNNVD: CNNVD-202104-975 // NVD: CVE-2020-11765

REFERENCES

url:	https://usn.ubuntu.com/4339-1/	Trust: 1.9
url:	https://security.gentoo.org/glsa/202107-27	Trust: 1.8
url:	https://bugs.chromium.org/p/project-zero/issues/detail?id=1987	Trust: 1.8
url:	https://github.com/academysoftwarefoundation/openexr/blob/master/changes.md#version-241-february-11-2020	Trust: 1.8
url:	https://github.com/academysoftwarefoundation/openexr/releases/tag/v2.4.1	Trust: 1.8
url:	https://support.apple.com/kb/ht211288	Trust: 1.7
url:	https://support.apple.com/kb/ht211289	Trust: 1.7
url:	https://support.apple.com/kb/ht211290	Trust: 1.7
url:	https://support.apple.com/kb/ht211291	Trust: 1.7
url:	https://support.apple.com/kb/ht211293	Trust: 1.7
url:	https://support.apple.com/kb/ht211294	Trust: 1.7
url:	https://support.apple.com/kb/ht211295	Trust: 1.7
url:	https://www.debian.org/security/2020/dsa-4755	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11765	Trust: 1.7
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/f4kfgdqg5pvyau7ts5mz7xcs6empvii3/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/f4kfgdqg5pvyau7ts5mz7xcs6empvii3/	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11765	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.2985/	Trust: 0.6
url:	https://support.apple.com/en-us/ht211291	Trust: 0.6
url:	https://packetstormsecurity.com/files/157403/ubuntu-security-notice-usn-4339-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1448/	Trust: 0.6
url:	https://support.apple.com/en-us/ht211295	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1816/	Trust: 0.6
url:	https://packetstormsecurity.com/files/163465/gentoo-linux-security-advisory-202107-27.html	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/50000	Trust: 0.6
url:	https://vigilance.fr/vulnerability/openexr-multiple-vulnerabilities-32108	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021071101	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11761	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11758	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11762	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15305	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11763	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15306	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11764	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11759	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11760	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9111	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/193.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3476	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3478	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20296	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3479	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15304	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3474	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3475	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3477	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18444	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openexr/2.3.0-6ubuntu0.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openexr/2.2.0-10ubuntu2.2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openexr/2.2.1-4.1ubuntu1.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openexr/2.2.0-11.1ubuntu1.2	Trust: 0.1
url:	https://usn.ubuntu.com/4339-1	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/openexr	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9115	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9113	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9114	Trust: 0.1

CREDITS

Ubuntu

Trust: 0.7

sources: PACKETSTORM: 157403 // CNNVD: CNNVD-202004-965

SOURCES

db:	VULHUB	id:	VHN-164376
db:	VULMON	id:	CVE-2020-11765
db:	JVNDB	id:	JVNDB-2020-004075
db:	PACKETSTORM	id:	163465
db:	PACKETSTORM	id:	157403
db:	PACKETSTORM	id:	168903
db:	CNNVD	id:	CNNVD-202004-965
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2020-11765

LAST UPDATE DATE

2024-11-23T21:01:33.688000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-164376	date:	2023-01-09T00:00:00
db:	VULMON	id:	CVE-2020-11765	date:	2020-09-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-004075	date:	2020-05-07T00:00:00
db:	CNNVD	id:	CNNVD-202004-965	date:	2022-04-27T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2020-11765	date:	2024-11-21T04:58:33.867

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-164376	date:	2020-04-14T00:00:00
db:	VULMON	id:	CVE-2020-11765	date:	2020-04-14T00:00:00
db:	JVNDB	id:	JVNDB-2020-004075	date:	2020-05-07T00:00:00
db:	PACKETSTORM	id:	163465	date:	2021-07-12T15:22:22
db:	PACKETSTORM	id:	157403	date:	2020-04-27T15:19:30
db:	PACKETSTORM	id:	168903	date:	2020-08-28T19:12:00
db:	CNNVD	id:	CNNVD-202004-965	date:	2020-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2020-11765	date:	2020-04-14T23:15:12.560