Source: openexr
Version: 2.2.0-11
Severity: important
Tags: security upstream
Forwarded: https://github.com/openexr/openexr/issues/248

Hi,

the following vulnerability was published for openexr.

CVE-2017-14988[0]:
| Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote
| attackers to cause a denial of service (excessive memory allocation)
| via a crafted file that is accessed with the ImfOpenInputFile function
| in IlmImf/ImfCRgbaFile.cpp.

At the time of writing this bug report there is no upstream fix yet.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14988
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14988
[1] https://github.com/openexr/openexr/issues/248

Please adjust the affected versions in the BTS as needed, only 2.2.0
has been checked so far.

Regards,
Salvatore