Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-20296

Опубликовано: 01 апр. 2021
Источник: nvd
CVSS3: 5.3
CVSS2: 5
EPSS Низкий

Описание

A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*
Версия до 2.4.3 (исключая)
cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*
Версия от 2.5.0 (включая) до 2.5.4 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 77%
0.01014
Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-476

Связанные уязвимости

ubuntu логотип

CVE-2021-20296

CVSS3: 5.3
ubuntu
почти 5 лет назад

A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

redhat логотип

CVE-2021-20296

CVSS3: 5.3
redhat
почти 5 лет назад

A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

debian логотип

CVE-2021-20296

CVSS3: 5.3
debian
почти 5 лет назад

A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted i ...

github логотип

GHSA-h585-99w7-8g9c

CVSS3: 5.3
github
больше 3 лет назад

A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

fstec логотип

BDU:2021-05210

CVSS3: 5.3
fstec
больше 5 лет назад

Уязвимость функции декомпрессии Dwa библиотеки IlmImf программного обеспечения для хранения изображений с широкими динамическими диапазоном яркости OpenEXR, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 77%
0.01014
Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-476