Skip to main content

Openexr CVE-2020-16588

MEDIUM
NULL Pointer Dereference (CWE-476)
2020-12-09 cve@mitre.org
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 09, 2020 - 21:15 nvd
MEDIUM 5.5

DescriptionNVD

A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.

AnalysisAI

A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file. Affected products include: Openexr, Debian Debian Linux.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

CVE-2018-18444 HIGH POC
8.8 Oct 17

makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possib

CVE-2026-27622 HIGH POC
8.4 Mar 03

Out-of-bounds heap write in OpenEXR's CompositeDeepScanLine::readPixels lets a crafted multi-part deep-scanline EXR file

CVE-2017-12596 HIGH POC
7.8 Aug 07

In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp du

CVE-2026-26981 MEDIUM POC
6.5 Feb 24

OpenEXR versions 3.3.0-3.3.6 and 3.4.0-3.4.4 are vulnerable to a heap buffer overflow in file parsing due to improper in

CVE-2021-3598 MEDIUM POC
5.5 Jul 06

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. Rated medium severity (CV

CVE-2020-16589 MEDIUM POC
5.5 Dec 09

A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.

CVE-2020-16587 MEDIUM POC
5.5 Dec 09

A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruct

CVE-2020-11765 MEDIUM POC
5.5 Apr 14

An issue was discovered in OpenEXR before 2.4.1. Rated medium severity (CVSS 5.5), this vulnerability is no authenticati

CVE-2020-11764 MEDIUM POC
5.5 Apr 14

An issue was discovered in OpenEXR before 2.4.1. Rated medium severity (CVSS 5.5), this vulnerability is no authenticati

CVE-2020-11763 MEDIUM POC
5.5 Apr 14

An issue was discovered in OpenEXR before 2.4.1. Rated medium severity (CVSS 5.5), this vulnerability is no authenticati

CVE-2020-11762 MEDIUM POC
5.5 Apr 14

An issue was discovered in OpenEXR before 2.4.1. Rated medium severity (CVSS 5.5), this vulnerability is no authenticati

CVE-2020-11761 MEDIUM POC
5.5 Apr 14

An issue was discovered in OpenEXR before 2.4.1. Rated medium severity (CVSS 5.5), this vulnerability is no authenticati

Share

CVE-2020-16588 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy