September 14, 2009

Ubuntu Security Notice 831-1: OpenEXR vulnerabilities

Article Source Ubuntu Security Notices
September 14, 2009, 11:11 am

Drew Yao discovered several flaws in the way OpenEXR handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1720, CVE-2009-1721)

It was discovered that OpenEXR did not properly handle certain malformed EXR image files...

Read More

Click Here!