Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-20303

Опубликовано: 04 мар. 2022
Источник: nvd
CVSS3: 6.1
CVSS2: 5.8
EPSS Низкий

Описание

A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*
Версия до 2.5.4 (исключая)
Конфигурация 2
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 33%
0.00132
Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-190
CWE-190

Связанные уязвимости

ubuntu логотип

CVE-2021-20303

CVSS3: 6.1
ubuntu
почти 4 года назад

A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.

redhat логотип

CVE-2021-20303

CVSS3: 6.1
redhat
почти 5 лет назад

A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.

debian логотип

CVE-2021-20303

CVSS3: 6.1
debian
почти 4 года назад

A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cp ...

github логотип

GHSA-vhq7-5jv5-9gwf

CVSS3: 6.1
github
почти 4 года назад

A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.

fstec логотип

BDU:2023-01699

CVSS3: 5.9
fstec
больше 5 лет назад

Уязвимость функции dataWindowForTile() компонента IlmImf/ImfTiledMisc.cpp программного обеспечения для хранения изображений с широкими динамическими диапазоном яркости OpenEXR, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании

EPSS

Процентиль: 33%
0.00132
Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-190
CWE-190