Description
An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.
Report
Red Hat Enterprise Linux 7 and prior are not affected by this flaw as they do not ship vulnerable versions of OpenEXR.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | OpenEXR | Out of support scope | | |
| Red Hat Enterprise Linux 7 | OpenEXR | Not affected | | |
| Red Hat Enterprise Linux 8 | mingw-OpenEXR | Will not fix | | |
| Red Hat Enterprise Linux 8 | OpenEXR | Will not fix | | |
Additional information
Status:
5.5 Medium
CVSS3
Related vulnerabilities
A vulnerability in the DwaCompressor::Classifier::Classifier function of OpenEXR, software for storing images with a wide dynamic range of brightness, caused by an off-by-one error, which allows an attacker to cause a denial of service
5.5 Medium
CVSS3