DEBIAN-CVE-2017-14988

DEBIAN-CVE-2017-14988 PUBLISHED CVSS 5.5 MEDIUM

Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid

Risk Scores

CVSS 3.0

5.5

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:12	openexr	0, 3.1.13-1, 3.1.13-2
Debian:14	openexr	0, 3.1.13-2, 3.4.6+ds
Debian:11	openexr	3.1.5-5, 3.1.5-5.1, 3.1.5-5.1+hurd.1
Debian:13	openexr	0, 3.1.13-2, 3.4.6+ds

Timeline

Oct 3, 2017 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2017-14988 advisory

Open in Interactive Console →