New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SEGV exrmakepreview in makePreview.cpp:132 #493
Comments
CVE-2020-16588 seems to have been assigned for this issue. |
Please, communicate with NVD (https://nvd.nist.gov/info) and update the applicable version. As I understand it was fixed in 2.4.0. |
@theta682 when you say communicate with NVD, do you mean send an email to the "general contact" address? I don't spot tools or instructions on their website to update the applicable version on either the info page or on the page specifically for this issue. (https://nvd.nist.gov/vuln/detail/CVE-2020-16588) |
Hi all, I requested a CVE for this bugs several months ago, and recently this one has been asssigned a CVE. In my report, I showed that this bug has been fixed by the developers. You can see the fix commit in the references. So I think we don't need to do anything. Best, |
Great, thanks for looking into it! |
@meshula on https://nvd.nist.gov/info you can find the e-mail (nvd@nist.gov). Previously I contacted them and they updated the CVE which I asked to update. |
Hi,
I found a null pointer dereference bug on exrmakepreview (the latest commit 9410823 on master).
PoC: https://github.com/strongcourage/PoCs/blob/master/openexr_9410823/PoC_npd_generatePreview
Command: exrmakepreview -v $PoC /dev/null
ASAN says:
Thanks,
Manh Dung
The text was updated successfully, but these errors were encountered: