Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-20303

Опубликовано: 15 фев. 2021
Источник: redhat
CVSS3: 6.1
EPSS Низкий

Описание

A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.

There is a flaw in OpenEXR's dataWindowForTile function. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6OpenEXROut of support scope
Red Hat Enterprise Linux 7OpenEXROut of support scope
Red Hat Enterprise Linux 8gimp:flatpak/OpenEXRWill not fix
Red Hat Enterprise Linux 8OpenEXRWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-190->CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=1939151OpenEXR: Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer

EPSS

Процентиль: 33%
0.00132
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-20303

CVSS3: 6.1
ubuntu
почти 4 года назад

A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.

nvd логотип

CVE-2021-20303

CVSS3: 6.1
nvd
почти 4 года назад

A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.

debian логотип

CVE-2021-20303

CVSS3: 6.1
debian
почти 4 года назад

A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cp ...

github логотип

GHSA-vhq7-5jv5-9gwf

CVSS3: 6.1
github
почти 4 года назад

A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.

fstec логотип

BDU:2023-01699

CVSS3: 5.9
fstec
больше 5 лет назад

Уязвимость функции dataWindowForTile() компонента IlmImf/ImfTiledMisc.cpp программного обеспечения для хранения изображений с широкими динамическими диапазоном яркости OpenEXR, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании

EPSS

Процентиль: 33%
0.00132
Низкий

6.1 Medium

CVSS3