CVE-2009-1721
OpenEXR 1.2.2 and 1.6.1 - Use-After-Free in Imf::hufUncompress
Title source: llmDescription
The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.
References (22)
Core 22
Core References
Mailing List vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT3757
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36123
Mailing List vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html
Broken Link vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:191
Broken Link, Patch x_refsource_confirm
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36753
Broken Link, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2035
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36096
Mailing List vendor-advisory
x_refsource_debian
http://www.debian.org/security/2009/dsa-1842
Broken Link vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:190
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36030
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36032
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
Broken Link, Patch x_refsource_confirm
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz
Broken Link, Patch x_refsource_confirm
http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff
Broken Link, Patch, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35838
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022674
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-831-1
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2172
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA09-218A.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html
Scores
EPSS
0.0429
EPSS Percentile
89.8%
Details
CWE
CWE-824
Status
published
Products (13)
apple/mac_os_x
< 10.5.8
canonical/ubuntu_linux
8.04
canonical/ubuntu_linux
8.10
canonical/ubuntu_linux
9.04
debian/debian_linux
4.0
debian/debian_linux
5.0
fedoraproject/fedora
10
fedoraproject/fedora
11
openexr/openexr
1.2.2
openexr/openexr
1.6.1
... and 3 more
Published
Jul 31, 2009
Tracked Since
Feb 18, 2026