{ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2009-1720", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "n/a", "version" : { "version_data" : [ { "version_value" : "n/a" } ] } } ] }, "vendor_name" : "n/a" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "n/a" } ] } ] }, "references" : { "reference_data" : [ { "name" : "http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff", "refsource" : "CONFIRM", "url" : "http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff" }, { "name" : "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz", "refsource" : "CONFIRM", "url" : "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz" }, { "name" : "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz", "refsource" : "CONFIRM", "url" : "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz" }, { "name" : "http://support.apple.com/kb/HT3757", "refsource" : "CONFIRM", "url" : "http://support.apple.com/kb/HT3757" }, { "name" : "APPLE-SA-2009-08-05-1", "refsource" : "APPLE", "url" : "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html" }, { "name" : "DSA-1842", "refsource" : "DEBIAN", "url" : "http://www.debian.org/security/2009/dsa-1842" }, { "name" : "FEDORA-2009-8132", "refsource" : "FEDORA", "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html" }, { "name" : "FEDORA-2009-8136", "refsource" : "FEDORA", "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html" }, { "name" : "MDVSA-2009:190", "refsource" : "MANDRIVA", "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:190" }, { "name" : "MDVSA-2009:191", "refsource" : "MANDRIVA", "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:191" }, { "name" : "USN-831-1", "refsource" : "UBUNTU", "url" : "http://www.ubuntu.com/usn/USN-831-1" }, { "name" : "TA09-218A", "refsource" : "CERT", "url" : "http://www.us-cert.gov/cas/techalerts/TA09-218A.html" }, { "name" : "35838", "refsource" : "BID", "url" : "http://www.securityfocus.com/bid/35838" }, { "name" : "1022674", "refsource" : "SECTRACK", "url" : "http://www.securitytracker.com/id?1022674" }, { "name" : "36030", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/36030" }, { "name" : "36032", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/36032" }, { "name" : "36096", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/36096" }, { "name" : "36123", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/36123" }, { "name" : "36753", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/36753" }, { "name" : "ADV-2009-2035", "refsource" : "VUPEN", "url" : "http://www.vupen.com/english/advisories/2009/2035" }, { "name" : "ADV-2009-2172", "refsource" : "VUPEN", "url" : "http://www.vupen.com/english/advisories/2009/2172" } ] } }