CVE-2020-11760
- Source
- https://cve.org/CVERecord?id=CVE-2020-11760
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11760.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-11760
- Downstream
- Related
- Published
- 2020-04-14T23:15:12.277Z
- Modified
- 2026-04-02T02:10:07.084006Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html
- https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1
- https://support.apple.com/kb/HT211290
- https://support.apple.com/kb/HT211293
- https://www.debian.org/security/2020/dsa-4755
- https://support.apple.com/kb/HT211289
- https://support.apple.com/kb/HT211291
- https://usn.ubuntu.com/4339-1/
- https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020
- https://support.apple.com/kb/HT211294
- https://support.apple.com/kb/HT211295
- https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html
- https://security.gentoo.org/glsa/202107-27
- https://support.apple.com/kb/HT211288
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
Affected packages
Git / github.com/academysoftwarefoundation/openexr
Affected ranges
- Type
- GIT
- Repo
- https://github.com/academysoftwarefoundation/openexr
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
D_EXR_1_0
ILMBASE_1_0_2
OPENEXR_1_0_4
OPENEXR_1_0_7
OPENEXR_1_1_0
OPENEXR_1_1_1
OPENEXR_1_2_1
OPENEXR_1_2_2
OPENEXR_1_3_0
OPENEXR_1_3_1
OPENEXR_1_3_2
OPENEXR_1_4_0
OPENEXR_1_4_0a
OPENEXR_1_7_0
OPENEXR_VIEWERS_1_0_2
PHOTOSHOP_1_0
start
v1.*
v1.7.1
v2.*
v2.0.0
v2.0.0.GM
v2.0.0.beta.1
v2.0.0.beta.2
v2.0.1
v2.1.0
v2.2.0
v2.2.1
v2.2.2
v2.3.0
v2.4.0
v2.4.0-beta.1
v2.5.0
v2.5.1
v2.5.10
v2.5.10-rc
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.5.6
v2.5.7
v2.5.7-rc1
v2.5.8
v2.5.8-rc
v2.5.9
v3.*
v3.0.0-beta
v3.0.1
v3.0.1-beta
v3.0.2
v3.0.3
v3.0.4
v3.0.4-rc1
v3.0.5
v3.0.5-rc1
v3.0.5-rc2
v3.1.0
v3.1.0-rc1
v3.1.1
v3.1.1-rc
v3.1.10
v3.1.10-rc
v3.1.11
v3.1.11-rc
v3.1.12
v3.1.12-rc
v3.1.12-rc2
v3.1.12-rc3
v3.1.12-rc4
v3.1.13
v3.1.13-rc
v3.1.2
v3.1.2-rc
v3.1.2-rc2
v3.1.3
v3.1.3-rc
v3.1.4
v3.1.4-rc
v3.1.5
v3.1.5-rc
v3.1.6
v3.1.6-rc
v3.1.7
v3.1.7-rc
v3.1.8
v3.1.8-rc
v3.1.8-rc2
v3.1.8-rc3
v3.1.8-rc4
v3.1.8-rc5
v3.1.9
v3.1.9-rc
v3.1.9-rc2
v3.1.9-rc3
v3.2.0
v3.2.0-rc
v3.2.0-rc2
v3.2.0-rc3
v3.2.0-rc4
v3.2.1
v3.2.1-rc
v3.2.2
v3.2.2-rc
v3.2.2-rc2
v3.2.3
v3.2.3-rc
v3.2.3-rc2
v3.2.4
v3.2.4-rc
v3.2.4-rc2
v3.2.5
v3.2.5-rc
v3.2.6
v3.2.6-rc
v3.3.0
v3.3.0-rc
v3.3.0-rc1
v3.3.0-rc2
v3.3.1
v3.3.1-rc
v3.3.2
v3.3.2-rc
v3.3.2-rc2
v3.3.2-rc3
v3.3.2-rc4
v3.3.3
v3.3.3-rc
v3.3.3-rc1
v3.3.4
v3.3.4-rc
v3.3.5
v3.3.5-rc
v3.3.5-rc2
v3.3.5-rc3
v3.3.6
v3.3.6-rc
v3.3.6-rc2
v3.3.6-rc3
v3.3.6-rc4
v3.3.7
v3.3.7-rc
v3.3.7-rc2
v3.3.7-rc3
v3.3.7-rc4
v3.3.8
v3.3.8-rc
v3.4-alpha
v3.4.0
v3.4.0-rc
v3.4.0-rc2
v3.4.1
v3.4.1-rc
v3.4.1-rc2
v3.4.2
v3.4.2-rc
v3.4.2-rc2
v3.4.3
v3.4.3-rc
v3.4.3-rc2
v3.4.3-rc3
v3.4.4
v3.4.4-rc
v3.4.4-rc2
v3.4.5
v3.4.5-rc
v3.4.6
v3.4.6-rc
v3.4.7
v3.4.7-rc
v3.4.8
v3.4.8-rc
v3.4.9-rc
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11760.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "32"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "19.10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "20.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.20"
}
]
},
{
"events": [
{
"introduced": "10.0"
},
{
"fixed": "11.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.10.8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.15.6"
}
]
},
{
"events": [
{
"introduced": "10.13.0"
},
{
"fixed": "10.13.6"
}
]
},
{
"events": [
{
"introduced": "10.14.0"
},
{
"fixed": "10.14.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.13.6-NA"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.13.6-security_update_2018\\-002"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.13.6-security_update_2018\\-003"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.13.6-security_update_2019\\-001"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.13.6-security_update_2019\\-002"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.13.6-security_update_2019\\-003"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.13.6-security_update_2019\\-004"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.13.6-security_update_2019\\-005"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.13.6-security_update_2019\\-006"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.13.6-security_update_2019\\-007"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.13.6-security_update_2020\\-001"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.13.6-security_update_2020\\-002"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.13.6-security_update_2020\\-003"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.14.6-NA"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.14.6-security_update_2019\\-001"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.14.6-security_update_2019\\-002"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.14.6-security_update_2019\\-004"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.14.6-security_update_2019\\-005"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.14.6-security_update_2019\\-006"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.14.6-security_update_2019\\-007"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.14.6-security_update_2020\\-001"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.14.6-security_update_2020\\-002"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.14.6-security_update_2020\\-003"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.4.8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.2.8"
}
]
}
]