DSA-1842-1 openexr -- severalID: oval:org.secpod.oval:def:600363 | Date: (C)2011-05-13 (M)2024-02-15 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in the OpenEXR image library, which can lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1720 Drew Yao discovered integer overflows in the preview and compression code. CVE-2009-1721 Drew Yao discovered that an uninitialised pointer could be freed in the decompression code. CVE-2009-1722 A buffer overflow was discovered in the compression code. For the old stable distribution , these problems have been fixed in version 1.2.2-4.3+etch2. For the stable distribution , these problems have been fixed in version 1.6.1-3+lenny3. For the unstable distribution , these problems will be fixed soon. We recommend that you upgrade your openexr packages.
Platform: |
Debian 5.0 |
Debian 4.0 |