OpenEXR 多个整数溢出漏洞

admin

0
文章

0
评论

2022-07-23 14:55:20 CNNVD漏洞来源：ZONE.CI 全球网 0 阅读模式

漏洞信息详情

OpenEXR 多个整数溢出漏洞

CNNVD编号：CNNVD-200907-446
危害等级：中危
CVE编号： CVE-2009-1720
漏洞类型：数字错误
发布时间： 2009-07-31
威胁类型：远程
更新时间： 2009-08-13
厂商： openexr
漏洞来源： Drew Yao

漏洞简介

OpenEXR 存在多个整数溢出漏洞，远程攻击者通过触发堆缓冲区溢出的未明向量导致拒绝服务攻击或执行任意代码。该漏洞与(1) 程序Imf：：PreviewImage：：PreviewImage 和 (2)压缩机构造器相关。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

Debian Linux 5.0 ia-64

Debian libopenexr-dev_1.6.1-3+lenny3_ia64.deb

http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_ 1.6.1-3+lenny3_ia64.deb

Debian libopenexr6_1.6.1-3+lenny3_ia64.deb

http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6 .1-3+lenny3_ia64.deb

Debian openexr_1.6.1-3+lenny3_ia64.deb

http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3 +lenny3_ia64.deb

Ubuntu Ubuntu Linux 8.04 LTS powerpc

Ubuntu libopenexr-dev_1.2.2-4.4ubuntu1.1_powerpc.deb

http://ports.ubuntu.com/pool/main/o/openexr/libopenexr-dev_1.2.2-4.4ub untu1.1_powerpc.deb

Ubuntu libopenexr2ldbl_1.2.2-4.4ubuntu1.1_powerpc.deb

http://ports.ubuntu.com/pool/main/o/openexr/libopenexr2ldbl_1.2.2-4.4u buntu1.1_powerpc.deb

Ubuntu openexr_1.2.2-4.4ubuntu1.1_powerpc.deb

http://ports.ubuntu.com/pool/universe/o/openexr/openexr_1.2.2-4.4ubunt u1.1_powerpc.deb

Ubuntu Ubuntu Linux 8.10 powerpc

Ubuntu libopenexr-dev_1.6.1-3ubuntu1.8.10.1_powerpc.deb

http://ports.ubuntu.com/pool/main/o/openexr/libopenexr-dev_1.6.1-3ubun tu1.8.10.1_powerpc.deb

Ubuntu libopenexr6_1.6.1-3ubuntu1.8.10.1_powerpc.deb

http://ports.ubuntu.com/pool/main/o/openexr/libopenexr6_1.6.1-3ubuntu1 .8.10.1_powerpc.deb

Ubuntu openexr_1.6.1-3ubuntu1.8.10.1_powerpc.deb

http://ports.ubuntu.com/pool/universe/o/openexr/openexr_1.6.1-3ubuntu1 .8.10.1_powerpc.deb

Ubuntu Ubuntu Linux 8.04 LTS sparc

Ubuntu libopenexr-dev_1.2.2-4.4ubuntu1.1_sparc.deb

http://ports.ubuntu.com/pool/main/o/openexr/libopenexr-dev_1.2.2-4.4ub untu1.1_sparc.deb

Ubuntu libopenexr2ldbl_1.2.2-4.4ubuntu1.1_sparc.deb

http://ports.ubuntu.com/pool/main/o/openexr/libopenexr2ldbl_1.2.2-4.4u buntu1.1_sparc.deb

Ubuntu openexr_1.2.2-4.4ubuntu1.1_sparc.deb

http://ports.ubuntu.com/pool/universe/o/openexr/openexr_1.2.2-4.4ubunt u1.1_sparc.deb

Debian Linux 5.0 alpha

Debian libopenexr-dev_1.6.1-3+lenny3_alpha.deb

http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_ 1.6.1-3+lenny3_alpha.deb

Debian libopenexr6_1.6.1-3+lenny3_alpha.deb

http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6 .1-3+lenny3_alpha.deb

Debian openexr_1.6.1-3+lenny3_alpha.deb

http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3 +lenny3_alpha.deb

MandrakeSoft Linux Mandrake 2008.0 x86_64

Mandriva lib64OpenEXR-devel-1.4.0-3.1mdv2008.0.x86_64.rpm

http://www.mandriva.com/en/download/

Mandriva lib64OpenEXR4-1.4.0-3.1mdv2008.0.x86_64.rpm

http://www.mandriva.com/en/download/

Mandriva OpenEXR-1.4.0-3.1mdv2008.0.x86_64.rpm

http://www.mandriva.com/en/download/

Ubuntu Ubuntu Linux 8.04 LTS amd64

Ubuntu libopenexr-dev_1.2.2-4.4ubuntu1.1_amd64.deb

http://security.ubuntu.com/ubuntu/pool/main/o/openexr/libopenexr-dev_1 .2.2-4.4ubuntu1.1_amd64.deb

Ubuntu libopenexr2ldbl_1.2.2-4.4ubuntu1.1_amd64.deb

http://security.ubuntu.com/ubuntu/pool/main/o/openexr/libopenexr2ldbl_ 1.2.2-4.4ubuntu1.1_amd64.deb

Ubuntu openexr_1.2.2-4.4ubuntu1.1_amd64.deb

http://security.ubuntu.com/ubuntu/pool/universe/o/openexr/openexr_1.2. 2-4.4ubuntu1.1_amd64.deb

MandrakeSoft Linux Mandrake 2008.0

Mandriva libOpenEXR-devel-1.4.0-3.1mdv2008.0.i586.rpm

http://www.mandriva.com/en/download/

Mandriva libOpenEXR4-1.4.0-3.1mdv2008.0.i586.rpm

http://www.mandriva.com/en/download/

Mandriva OpenEXR-1.4.0-3.1mdv2008.0.i586.rpm

http://www.mandriva.com/en/download/

Debian Linux 5.0 mipsel

Debian libopenexr-dev_1.6.1-3+lenny3_mipsel.deb

http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_ 1.6.1-3+lenny3_mipsel.deb

Debian libopenexr6_1.6.1-3+lenny3_mipsel.deb

http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6 .1-3+lenny3_mipsel.deb

Debian openexr_1.6.1-3+lenny3_mipsel.deb

http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3 +lenny3_mipsel.deb

Ubuntu Ubuntu Linux 9.04 sparc

Ubuntu libopenexr-dev_1.6.1-3ubuntu1.9.04.1_sparc.deb

http://ports.ubuntu.com/pool/main/o/openexr/libopenexr-dev_1.6.1-3ubun tu1.9.04.1_sparc.deb

Ubuntu libopenexr6_1.6.1-3ubuntu1.9.04.1_sparc.de

参考网址

来源; US-CERT

名称: TA09-218A

链接:http://www.us-cert.gov/cas/techalerts/TA09-218A.HTML

来源: BID

名称: 35838

链接:http://www.securityfocus.com/bid/35838

来源: DEBIAN

名称: DSA-1842

链接:http://www.debian.org/security/2009/dsa-1842

来源: security.debian.org

链接:http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz

来源: security.debian.org

链接:http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz

来源: release.debian.org

链接:http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff

来源: FEDORA

名称: FEDORA-2009-8136

链接:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.HTML

来源: FEDORA

名称: FEDORA-2009-8132

链接:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.HTML

来源: VUPEN

名称: ADV-2009-2172

链接:http://www.vupen.com/english/advisories/2009/2172

来源: VUPEN

名称: ADV-2009-2035

链接:http://www.vupen.com/english/advisories/2009/2035

来源: SECTRACK

名称: 1022674

链接:http://www.securitytracker.com/id?1022674

来源: MANDRIVA

名称: MDVSA-2009:191

链接:http://www.mandriva.com/security/advisories?name=MDVSA-2009:191

来源: MANDRIVA

名称: MDVSA-2009:190

链接:http://www.mandriva.com/security/advisories?name=MDVSA-2009:190

来源: support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com

链接:http://support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/kb/HT3757

来源: SECUNIA

名称: 36123

链接:http://secunia.com/advisories/36123

来源: SECUNIA

名称: 36096

链接:http://secunia.com/advisories/36096

来源: SECUNIA

名称: 36032

链接:http://secunia.com/advisories/36032

来源: SECUNIA

名称: 36030

链接:http://secunia.com/advisories/36030

来源: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple

名称: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple-SA-2009-08-05-1

链接:http://lists.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/archives/security-announce/2009/Aug/msg00001.HTML

受影响实体

Openexr Openexr:1.6.1
Openexr Openexr:1.2.2

补丁

暂无

特别声明

本站(ZONE.CI)所有文章仅供技术研究，若将其信息做其他用途，由用户承担全部法律及连带责任，本站不承担任何法律及连带责任，请遵守中华人民共和国安全法.

ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带

咨询加Q：999999999

ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带

ZONE.CI 全球网安全领域涉猎者-乌云独行地带

ZONE.CI 全球网

Plugins

WordPress

Web前端

设计资源

OpenEXR 多个整数溢出漏洞

漏洞信息详情

OpenEXR 多个整数溢出漏洞

漏洞简介

漏洞公告

参考网址

受影响实体

补丁

XOOPS 多个本地目录遍历漏洞

HP ProLiant Onboard Administrator Powered by LO100i 远程拒绝服务漏洞

OpenEXR 多个整数溢出漏洞

Microsoft Internet Explorer和Windows 资源管理错误漏洞

Cisco无线LAN控制器非授权修改配置漏洞

Microsoft Visual Studio ATL空字符串信息泄露漏洞

Microsoft Internet Explorer和Windows 代码注入漏洞

Microsoft Internet Explorer和Windows 代码注入漏洞

Firebird SQL op_connect_request请求远程拒绝服务漏洞

Microsoft Visual Studio ATL库COM对象初始化代码执行漏洞

ZONE.CI 全球网