Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-3477

Опубликовано: 31 мар. 2021
Источник: debian

Описание

There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
openexrfixed2.5.4-1package

Примечания

  • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26956

  • https://bugzilla.redhat.com/show_bug.cgi?id=1939159

  • https://github.com/AcademySoftwareFoundation/openexr/commit/467be80b75642efbbe6bdace558079f68c16acb1

  • Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/9f011ae9ce9b1ca03521ff76e7659d34ee830344 (v2.0.0)

Связанные уязвимости

ubuntu логотип

CVE-2021-3477

CVSS3: 5.5
ubuntu
почти 5 лет назад

There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.

redhat логотип

CVE-2021-3477

CVSS3: 5.5
redhat
почти 5 лет назад

There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.

nvd логотип

CVE-2021-3477

CVSS3: 5.5
nvd
почти 5 лет назад

There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.

github логотип

GHSA-wr39-hjqv-c783

CVSS3: 5.5
github
больше 3 лет назад

There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.

fstec логотип

BDU:2021-01977

CVSS3: 5.5
fstec
больше 5 лет назад

Уязвимость функции DeepTiledInputFile::initialize() (src/lib/OpenEXR/ImfDeepTiledInputFile.cpp) библиотеки OpenEXR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код