CVE-2021-3477

Опубликовано: 15 фев. 2021

Источник: redhat

CVSS3: 5.5

EPSS Низкий

Описание

There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.

There's a flaw in OpenEXR's deep tile sample size calculations. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	OpenEXR	Out of support scope
Red Hat Enterprise Linux 7	OpenEXR	Out of support scope
Red Hat Enterprise Linux 8	gimp:flatpak/OpenEXR	Fix deferred
Red Hat Enterprise Linux 8	OpenEXR	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-190->CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=1939159OpenEXR: Heap-buffer-overflow in Imf_2_5::DeepTiledInputFile::readPixelSampleCounts

EPSS

Процентиль: 66%

0.00507

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2021-3477

CVSS3: 5.5

ubuntu

почти 5 лет назад

CVE-2021-3477

CVSS3: 5.5

nvd

почти 5 лет назад

CVE-2021-3477

CVSS3: 5.5

debian

почти 5 лет назад

There's a flaw in OpenEXR's deep tile sample size calculations in vers ...

GHSA-wr39-hjqv-c783

CVSS3: 5.5

github

больше 3 лет назад

BDU:2021-01977

CVSS3: 5.5

fstec

больше 5 лет назад

Уязвимость функции DeepTiledInputFile::initialize() (src/lib/OpenEXR/ImfDeepTiledInputFile.cpp) библиотеки OpenEXR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

EPSS

Процентиль: 66%

0.00507

Низкий

5.5 Medium

CVSS3