CVE-2009-1721

N/A Unknown
Published: July 31, 2009 Modified: April 23, 2026
View on NVD

Description

The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
Source: cve@mitre.org
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html
Source: cve@mitre.org
Mailing List
http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff
Source: cve@mitre.org
Broken Link Patch
http://secunia.com/advisories/36030
Source: cve@mitre.org
Broken Link Vendor Advisory
http://secunia.com/advisories/36032
Source: cve@mitre.org
Broken Link Vendor Advisory
http://secunia.com/advisories/36096
Source: cve@mitre.org
Broken Link
http://secunia.com/advisories/36123
Source: cve@mitre.org
Broken Link
http://secunia.com/advisories/36753
Source: cve@mitre.org
Broken Link
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz
Source: cve@mitre.org
Broken Link Patch
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz
Source: cve@mitre.org
Broken Link Patch
http://support.apple.com/kb/HT3757
Source: cve@mitre.org
Third Party Advisory
http://www.debian.org/security/2009/dsa-1842
Source: cve@mitre.org
Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2009:190
Source: cve@mitre.org
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:191
Source: cve@mitre.org
Broken Link
http://www.securityfocus.com/bid/35838
Source: cve@mitre.org
Broken Link Patch Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1022674
Source: cve@mitre.org
Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-831-1
Source: cve@mitre.org
Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA09-218A.html
Source: cve@mitre.org
Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2009/2035
Source: cve@mitre.org
Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2009/2172
Source: cve@mitre.org
Broken Link
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html
Source: cve@mitre.org
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html
Source: cve@mitre.org
Mailing List
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Patch
http://secunia.com/advisories/36030
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://secunia.com/advisories/36032
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://secunia.com/advisories/36096
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/36123
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/36753
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Patch
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Patch
http://support.apple.com/kb/HT3757
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2009/dsa-1842
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2009:190
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:191
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.securityfocus.com/bid/35838
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Patch Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1022674
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-831-1
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA09-218A.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2009/2035
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2009/2172
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List

44 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
25.3%
96th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-824

Affected Vendors

canonical opensuse openexr fedoraproject debian apple

Related CVEs

CVE-2026-6786 8.1
CVE-2026-6785 8.1
CVE-2026-7041 3.7
CVE-2026-7039 7.8
CVE-2026-7038 3.3