Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-3598

Опубликовано: 06 июл. 2021
Источник: debian
EPSS Низкий

Описание

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
openexrfixed2.5.7-1package

Примечания

  • https://github.com/AcademySoftwareFoundation/openexr/issues/1033

  • https://github.com/AcademySoftwareFoundation/openexr/pull/1037

  • https://github.com/AcademySoftwareFoundation/openexr/commit/566f5241edd87445373885d5f7a904dc81e866c1 (master)

  • https://github.com/AcademySoftwareFoundation/openexr/commit/e2667ae1a3ff8a9fce730e61129868b326abb3f5 (2.5)

  • Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/9f011ae9ce9b1ca03521ff76e7659d34ee830344 (v2.0.0)

EPSS

Процентиль: 37%
0.00162
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2021-3598

CVSS3: 5.5
ubuntu
больше 4 лет назад

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

redhat логотип

CVE-2021-3598

CVSS3: 5.5
redhat
больше 4 лет назад

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

nvd логотип

CVE-2021-3598

CVSS3: 5.5
nvd
больше 4 лет назад

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

github логотип

GHSA-fg32-5982-62p3

CVSS3: 5.5
github
больше 3 лет назад

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

fstec логотип

BDU:2021-04485

CVSS3: 5.5
fstec
больше 4 лет назад

Уязвимость функции ImfDeepScanLineInputFile() библиотеки OpenEXR, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 37%
0.00162
Низкий