Source: openexr
Version: 2.2.0-11.1
Severity: important
Tags: upstream security
Forwarded: https://github.com/openexr/openexr/issues/238

Hi,

the following vulnerability was published for openexr, filing this bug to
track the upstream issue at [1].

CVE-2017-12596[0]:
| In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read
| in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled
| execution; it may result in denial of service or possibly unspecified
| other impact.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-12596
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12596
[1] https://github.com/openexr/openexr/issues/238

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore