CVE-2017-9112 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 74%

Affected Products (NVD)

Vendor	Product	Version
openexr	openexr	2.2.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

openexr

bookworm	3.1.5-5 fixed
bullseye	2.5.4-2+deb11u1 fixed
bullseye (security)	2.5.4-2+deb11u1 fixed
jessie	no-dsa
sid	3.1.5-5.1 fixed
trixie	3.1.5-5.1 fixed

Ubuntu Releases

Ubuntu Product

Codename

openexr

artful	ignored
bionic	not-affected
cosmic	not-affected
disco	not-affected
trusty	dne
xenial	Fixed 2.2.0-10ubuntu2.1 released
yakkety	ignored
zesty	ignored

openSUSE / SLES Releases

openSUSE Product

Release

libIlmImf-2_2-23

suse enterprise desktop 15	2.2.1-1.22 fixed
suse enterprise desktop 15 SP1	2.2.1-3.3.11 fixed
suse enterprise desktop 15 SP2	2.2.1-3.14.1 fixed
suse enterprise desktop 15 SP3	2.2.1-3.24.1 fixed
suse enterprise desktop 15 SP4	2.2.1-3.41.1 fixed
suse enterprise desktop 15 SP5	2.2.1-3.41.1 fixed
suse enterprise desktop 15 SP6	2.2.1-150000.3.43.1 fixed
suse enterprise desktop 15 SP7	2.2.1-150000.3.43.1 fixed
suse enterprise sap 15	2.2.1-1.22 fixed
suse enterprise sap 15 SP1	2.2.1-3.3.11 fixed
suse enterprise sap 15 SP2	2.2.1-3.14.1 fixed
suse enterprise sap 15 SP3	2.2.1-3.24.1 fixed
suse enterprise sap 15 SP4	2.2.1-3.41.1 fixed
suse enterprise sap 15 SP5	2.2.1-3.41.1 fixed
suse enterprise sap 15 SP6	2.2.1-150000.3.43.1 fixed
suse enterprise sap 15 SP7	2.2.1-150000.3.43.1 fixed
suse enterprise server 15	2.2.1-1.22 fixed
suse enterprise server 15 SP1	2.2.1-3.3.11 fixed
suse enterprise server 15 SP2	2.2.1-3.14.1 fixed
suse enterprise server 15 SP3	2.2.1-3.24.1 fixed
suse enterprise server 15 SP4	2.2.1-3.41.1 fixed
suse enterprise server 15 SP5	2.2.1-3.41.1 fixed
suse enterprise server 15 SP6	2.2.1-150000.3.43.1 fixed
suse enterprise server 15 SP7	2.2.1-150000.3.43.1 fixed

libIlmImf-Imf_2_1-21

suse enterprise sap 12 SP4	2.1.0-6.10.1 fixed
suse enterprise sap 12 SP5	2.1.0-6.13.1 fixed
suse enterprise server 12 SP3	2.1.0-6.10.1 fixed
suse enterprise server 12 SP4	2.1.0-6.10.1 fixed
suse enterprise server 12 SP5	2.1.0-6.13.1 fixed

libIlmImfUtil-2_2-23

suse enterprise desktop 15	2.2.1-1.22 fixed
suse enterprise desktop 15 SP1	2.2.1-3.3.11 fixed
suse enterprise desktop 15 SP2	2.2.1-3.14.1 fixed
suse enterprise desktop 15 SP3	2.2.1-3.24.1 fixed
suse enterprise desktop 15 SP4	2.2.1-3.41.1 fixed
suse enterprise desktop 15 SP5	2.2.1-3.41.1 fixed
suse enterprise desktop 15 SP6	2.2.1-150000.3.43.1 fixed
suse enterprise desktop 15 SP7	2.2.1-150000.3.43.1 fixed
suse enterprise sap 15	2.2.1-1.22 fixed
suse enterprise sap 15 SP1	2.2.1-3.3.11 fixed
suse enterprise sap 15 SP2	2.2.1-3.14.1 fixed
suse enterprise sap 15 SP3	2.2.1-3.24.1 fixed
suse enterprise sap 15 SP4	2.2.1-3.41.1 fixed
suse enterprise sap 15 SP5	2.2.1-3.41.1 fixed
suse enterprise sap 15 SP6	2.2.1-150000.3.43.1 fixed
suse enterprise sap 15 SP7	2.2.1-150000.3.43.1 fixed
suse enterprise server 15	2.2.1-1.22 fixed
suse enterprise server 15 SP1	2.2.1-3.3.11 fixed
suse enterprise server 15 SP2	2.2.1-3.14.1 fixed
suse enterprise server 15 SP3	2.2.1-3.24.1 fixed
suse enterprise server 15 SP4	2.2.1-3.41.1 fixed
suse enterprise server 15 SP5	2.2.1-3.41.1 fixed
suse enterprise server 15 SP6	2.2.1-150000.3.43.1 fixed
suse enterprise server 15 SP7	2.2.1-150000.3.43.1 fixed

openexr

suse enterprise sap 12 SP4	2.1.0-6.10.1 fixed
suse enterprise sap 12 SP5	2.1.0-6.13.1 fixed
suse enterprise server 12 SP3	2.1.0-6.10.1 fixed
suse enterprise server 12 SP4	2.1.0-6.10.1 fixed
suse enterprise server 12 SP5	2.1.0-6.13.1 fixed

openexr-devel

suse enterprise desktop 15	2.2.1-1.22 fixed
suse enterprise desktop 15 SP1	2.2.1-3.3.11 fixed
suse enterprise desktop 15 SP2	2.2.1-3.14.1 fixed
suse enterprise desktop 15 SP3	2.2.1-3.24.1 fixed
suse enterprise desktop 15 SP4	2.2.1-3.41.1 fixed
suse enterprise desktop 15 SP5	2.2.1-3.41.1 fixed
suse enterprise desktop 15 SP6	2.2.1-150000.3.43.1 fixed
suse enterprise desktop 15 SP7	2.2.1-150000.3.43.1 fixed
suse enterprise sap 15	2.2.1-1.22 fixed
suse enterprise sap 15 SP1	2.2.1-3.3.11 fixed
suse enterprise sap 15 SP2	2.2.1-3.14.1 fixed
suse enterprise sap 15 SP3	2.2.1-3.24.1 fixed
suse enterprise sap 15 SP4	2.2.1-3.41.1 fixed
suse enterprise sap 15 SP5	2.2.1-3.41.1 fixed
suse enterprise sap 15 SP6	2.2.1-150000.3.43.1 fixed
suse enterprise sap 15 SP7	2.2.1-150000.3.43.1 fixed
suse enterprise server 15	2.2.1-1.22 fixed
suse enterprise server 15 SP1	2.2.1-3.3.11 fixed
suse enterprise server 15 SP2	2.2.1-3.14.1 fixed
suse enterprise server 15 SP3	2.2.1-3.24.1 fixed
suse enterprise server 15 SP4	2.2.1-3.41.1 fixed
suse enterprise server 15 SP5	2.2.1-3.41.1 fixed
suse enterprise server 15 SP6	2.2.1-150000.3.43.1 fixed
suse enterprise server 15 SP7	2.2.1-150000.3.43.1 fixed

References

http://www.openwall.com/lists/oss-security/2017/05/12/5

https://github.com/openexr/openexr/issues/232

https://github.com/openexr/openexr/pull/233

https://github.com/openexr/openexr/releases/tag/v2.2.1

https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html

https://usn.ubuntu.com/4148-1/

http://www.openwall.com/lists/oss-security/2017/05/12/5

https://github.com/openexr/openexr/issues/232

https://github.com/openexr/openexr/pull/233

https://github.com/openexr/openexr/releases/tag/v2.2.1

https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html

https://usn.ubuntu.com/4148-1/