Vulnerability Description
makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact.
CVSS Score
8.8
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ilm | Openexr | 2.3.0 |
Related Weaknesses (CWE)
References
- https://github.com/openexr/openexr/issues/351ExploitThird Party Advisory
- https://github.com/openexr/openexr/releases/tag/v2.4.0
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://usn.ubuntu.com/4148-1/
- https://usn.ubuntu.com/4339-1/
- https://github.com/openexr/openexr/issues/351ExploitThird Party Advisory
- https://github.com/openexr/openexr/releases/tag/v2.4.0
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://usn.ubuntu.com/4148-1/
- https://usn.ubuntu.com/4339-1/
FAQ
What is CVE-2018-18444?
CVE-2018-18444 is a vulnerability with a CVSS score of 8.8 (HIGH). makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact.
How severe is CVE-2018-18444?
CVE-2018-18444 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-18444?
Check the references section above for vendor advisories and patch information. Affected products include: Ilm Openexr.