Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-20296

Опубликовано: 15 фев. 2021
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

A flaw was found in OpenEXR. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6OpenEXROut of support scope
Red Hat Enterprise Linux 7OpenEXROut of support scope
Red Hat Enterprise Linux 8gimp:flatpak/OpenEXRFix deferred
Red Hat Enterprise Linux 8OpenEXRFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1939141OpenEXR: Segv on unknown address in Imf_2_5::hufUncompress - Null Pointer dereference

EPSS

Процентиль: 77%
0.01014
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-20296

CVSS3: 5.3
ubuntu
почти 5 лет назад

A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

nvd логотип

CVE-2021-20296

CVSS3: 5.3
nvd
почти 5 лет назад

A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

debian логотип

CVE-2021-20296

CVSS3: 5.3
debian
почти 5 лет назад

A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted i ...

github логотип

GHSA-h585-99w7-8g9c

CVSS3: 5.3
github
больше 3 лет назад

A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

fstec логотип

BDU:2021-05210

CVSS3: 5.3
fstec
больше 5 лет назад

Уязвимость функции декомпрессии Dwa библиотеки IlmImf программного обеспечения для хранения изображений с широкими динамическими диапазоном яркости OpenEXR, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 77%
0.01014
Низкий

5.3 Medium

CVSS3