Package: openexr6
Version: 1.6.1
Severity: serious
Tags: security

Hi,

the following CVE (Common Vulnerabilities & Exposures) ids were
published for openexr6.

CVE-2009-1720[0]:
| Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow
| context-dependent attackers to cause a denial of service (application
| crash) or possibly execute arbitrary code via unspecified vectors that
| trigger heap-based buffer overflows, related to (1) the
| Imf::PreviewImage::PreviewImage function and (2) compressor
| constructors. NOTE: some of these details are obtained from third
| party information.

CVE-2009-1721[1]:
| The decompression implementation in the Imf::hufUncompress function in
| OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a
| denial of service (application crash) or possibly execute arbitrary
| code via vectors that trigger a free of an uninitialized pointer.

CVE-2009-1722[2]:
| Heap-based buffer overflow in the compression implementation in
| OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of
| service (application crash) or possibly execute arbitrary code via
| unspecified vectors.

These issues are already fixed in the stable releases.

If you fix the vulnerabilities, please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1720
    http://security-tracker.debian.net/tracker/CVE-2009-1720
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1721
    http://security-tracker.debian.net/tracker/CVE-2009-1721
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1722
    http://security-tracker.debian.net/tracker/CVE-2009-1722
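The two bug classes named in the report (an integer overflow in a width*height
size computation feeding a heap allocation, and a cleanup path that frees a
pointer that was never initialized) are easier to reason about with a minimal
illustration. The following is an added example written for this page; it is
not code from the bug report, from Debian, or from OpenEXR itself, and the
Rgba8 pixel type, the size cap, and the function names are constructed for the
illustration only. It shows the naive unchecked multiplication beside a checked
version, and a decoder skeleton whose error path is safe to run before any
buffer has been allocated.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <stdexcept>
#include <vector>

// Constructed 4-byte pixel type for the example (not OpenEXR's PreviewRgba).
struct Rgba8 { uint8_t r, g, b, a; };

// "Before" pattern: pixel count computed in the same width as the header
// fields, with no overflow check. 65536 x 65536 wraps to 0 in 32-bit unsigned
// arithmetic, so the buffer sized from this value is far too small for the
// pixels the decoder later writes into it (a heap-based buffer overflow).
unsigned naivePixelCount(unsigned width, unsigned height) {
    return width * height; // well-defined wrap modulo 2^32, but wrong
}

// Hardened pattern: refuse dimensions whose product would overflow size_t,
// and additionally apply a sanity cap so a hostile header cannot demand an
// enormous allocation. Returns false on rejection; 'out' is set only on success.
bool checkedPixelCount(unsigned width, unsigned height,
                       size_t maxPixels, size_t &out) {
    if (width == 0 || height == 0) { out = 0; return true; }
    if (static_cast<size_t>(width) >
        std::numeric_limits<size_t>::max() / static_cast<size_t>(height))
        return false;                       // width*height would overflow
    size_t n = static_cast<size_t>(width) * static_cast<size_t>(height);
    if (n > maxPixels) return false;        // exceeds the hypothetical cap
    out = n;
    return true;
}

// Allocates a preview buffer only after the dimensions pass the check.
std::vector<Rgba8> allocPreview(unsigned width, unsigned height) {
    size_t n = 0;
    const size_t kMaxPreviewPixels = static_cast<size_t>(1) << 26; // example cap
    if (!checkedPixelCount(width, height, kMaxPreviewPixels, n))
        throw std::length_error("preview dimensions overflow or exceed limit");
    return std::vector<Rgba8>(n);
}

// Decoder skeleton for the second bug class. Every owned pointer is
// initialized to nullptr before the first early-return, so the cleanup
// label never frees an indeterminate value. 'failBeforeAlloc' simulates a
// malformed header detected before any buffer exists; returns true when the
// decode completes.
bool decodeWithSafeCleanup(bool failBeforeAlloc, size_t payloadLen) {
    uint8_t *table = nullptr;   // initialized up front, not at first use
    uint8_t *output = nullptr;
    bool ok = false;

    if (failBeforeAlloc || payloadLen == 0)
        goto cleanup;           // safe: both pointers are nullptr here

    table = new uint8_t[256];
    output = new uint8_t[payloadLen];
    for (size_t i = 0; i < payloadLen; ++i)
        output[i] = static_cast<uint8_t>(i);  // stand-in for real decoding
    ok = true;

cleanup:
    delete[] table;             // delete[] nullptr is a no-op
    delete[] output;
    return ok;
}

int main() {
    std::printf("naive 65536x65536 -> %u pixels\n", naivePixelCount(65536, 65536));
    size_t n = 0;
    std::printf("checked 65536x65536 accepted? %d\n",
                checkedPixelCount(65536, 65536, static_cast<size_t>(1) << 26, n));
    std::printf("decode with early failure ok? %d\n", decodeWithSafeCleanup(true, 16));
    return 0;
}
```

The check rejects the hostile dimensions before any allocation, where the
naive product wraps to zero; the decoder's cleanup path is reachable before
the first allocation and is still a no-op because the pointers are null.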