CVE-2021-26945

Опубликовано: 17 мар. 2021

Источник: redhat

CVSS3: 5.5

EPSS Низкий

Описание

An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.

An integer overflow leading to a heap-buffer overflow was found in OpenEXR. An attacker could use this flaw to crash an application compiled with OpenEXR.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	OpenEXR	Out of support scope
Red Hat Enterprise Linux 7	OpenEXR	Fix deferred
Red Hat Enterprise Linux 8	gimp:flatpak/OpenEXR	Fix deferred
Red Hat Enterprise Linux 8	OpenEXR	Fix deferred
Red Hat Enterprise Linux 9	openexr	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-191->CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=1947591OpenEXR: Integer-overflow in bool Imf_2_5::readDeepTile<Imf_2_5::DeepTiledInputPart>

EPSS

Процентиль: 49%

0.00256

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2021-26945

CVSS3: 5.5

ubuntu

больше 4 лет назад

An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.

CVE-2021-26945

CVSS3: 5.5

nvd

больше 4 лет назад

An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.

CVE-2021-26945

CVSS3: 5.5

debian

больше 4 лет назад

An integer overflow leading to a heap-buffer overflow was found in Ope ...

GHSA-h5g9-4xw7-698r

CVSS3: 5.5

github

больше 3 лет назад

An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.

EPSS

Процентиль: 49%

0.00256

Низкий

5.5 Medium

CVSS3