FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenEXR -- multiple remote code execution and denial of service vulnerabilities

Affected packages
OpenEXR < 2.2.1

Details

VuXML ID 803879e9-4195-11e7-9b08-080027ef73ec
Discovery 2017-01-12
Entry 2017-05-25

Brandon Perry reports:

[There] is a zip file of EXR images that cause segmentation faults in the OpenEXR library (tested against 2.2.0).

References

CVE Name CVE-2017-9110
CVE Name CVE-2017-9111
CVE Name CVE-2017-9112
CVE Name CVE-2017-9113
CVE Name CVE-2017-9114
CVE Name CVE-2017-9115
CVE Name CVE-2017-9116
URL http://www.openwall.com/lists/oss-security/2017/05/12/5
URL https://github.com/openexr/openexr/issues/232