The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openexr openexr 1.2.2 |
||
openexr openexr 1.6.1 |
||
opensuse opensuse 11.0 |
||
opensuse opensuse 10.3 |
||
opensuse opensuse 10.0 |
||
apple mac os x |
||
debian debian linux 5.0 |
||
debian debian linux 4.0 |
||
canonical ubuntu linux 9.04 |
||
canonical ubuntu linux 8.10 |
||
canonical ubuntu linux 8.04 |
||
fedoraproject fedora 11 |
||
fedoraproject fedora 10 |