CVE-2018-18444

NameCVE-2018-18444
DescriptionmakeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
openexr (PTS)jessie1.6.1-8vulnerable
stretch2.2.0-11vulnerable
buster, sid2.2.1-4vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
openexrsource(unstable)(unfixed)unimportant

Notes

Issue in exrmultiview which is not installed in the binary package.

Search for package or bug name: Reporting problems