CVE-2020-16589

{"id": "CVE-2020-16589", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2020-12-09T21:15:14.977", "references": [{"url": "https://github.com/AcademySoftwareFoundation/openexr/commit/6bb36714528a9563dd3b92720c5063a1284b86f8", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/AcademySoftwareFoundation/openexr/issues/494", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/AcademySoftwareFoundation/openexr/commit/6bb36714528a9563dd3b92720c5063a1284b86f8", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/AcademySoftwareFoundation/openexr/issues/494", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file."}, {"lang": "es", "value": "Se presenta un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria en Academy Software Foundation OpenEXR versi\u00f3n 2.3.0 en la funci\u00f3n writeTileData en el archivo ImfTiledOutputFile.cpp que puede causar una denegaci\u00f3n de servicio por medio de un archivo EXR dise\u00f1ado"}], "lastModified": "2024-11-21T05:07:10.177", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openexr:openexr:2.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "211E2557-6796-4695-AE6C-80D0C537B2D9"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}