Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-3479

Опубликовано: 15 фев. 2021
Источник: redhat
CVSS3: 6.2
EPSS Низкий

Описание

There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.

There's a flaw in OpenEXR's Scanline API functionality. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6OpenEXROut of support scope
Red Hat Enterprise Linux 7OpenEXROut of support scope
Red Hat Enterprise Linux 8gimp:flatpak/OpenEXRWill not fix
Red Hat Enterprise Linux 8OpenEXRWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1939149OpenEXR: Out-of-memory caused by allocation of a very large buffer

EPSS

Процентиль: 65%
0.0048
Низкий

6.2 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-3479

CVSS3: 5.5
ubuntu
почти 5 лет назад

There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.

nvd логотип

CVE-2021-3479

CVSS3: 5.5
nvd
почти 5 лет назад

There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.

debian логотип

CVE-2021-3479

CVSS3: 5.5
debian
почти 5 лет назад

There's a flaw in OpenEXR's Scanline API functionality in versions bef ...

github логотип

GHSA-vv3j-gmj6-g343

CVSS3: 5.5
github
больше 3 лет назад

There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.

fstec логотип

BDU:2021-01975

CVSS3: 5.5
fstec
больше 5 лет назад

Уязвимость интерфейса Scanline API библиотеки OpenEXR, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 65%
0.0048
Низкий

6.2 Medium

CVSS3