Описание
A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.
Отчет
This flaw is out of support scope for OpenEXR as shipped with Red Hat Enterprise Linux 6 and 7. For more information on Red Hat Enterprise Linux support scope, please see https://access.redhat.com/support/policy/updates/errata/ .
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | OpenEXR | Out of support scope | ||
| Red Hat Enterprise Linux 7 | OpenEXR | Out of support scope | ||
| Red Hat Enterprise Linux 8 | gimp:flatpak/OpenEXR | Fix deferred | ||
| Red Hat Enterprise Linux 8 | OpenEXR | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.
A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.
A heap-based buffer overflow vulnerability exists in Academy Software ...
A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.
Уязвимость компонента ImfMultiPartInputFile формата графического формата для хранения изображений OpenEXR, связанная с записью за границами буфера, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.5 Medium
CVSS3