Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-3598

Опубликовано: 11 июн. 2021
Источник: redhat
CVSS3: 5.5
EPSS Низкий

Описание

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6OpenEXROut of support scope
Red Hat Enterprise Linux 7OpenEXROut of support scope
Red Hat Enterprise Linux 8gimp:flatpak/OpenEXRFix deferred
Red Hat Enterprise Linux 8OpenEXRFix deferred
Red Hat Enterprise Linux 9openexrNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-119->CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1970987OpenEXR: Heap buffer overflow in Imf_3_1::CharPtrIO::readChars

EPSS

Процентиль: 37%
0.00162
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-3598

CVSS3: 5.5
ubuntu
больше 4 лет назад

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

nvd логотип

CVE-2021-3598

CVSS3: 5.5
nvd
больше 4 лет назад

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

debian логотип

CVE-2021-3598

CVSS3: 5.5
debian
больше 4 лет назад

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in ...

github логотип

GHSA-fg32-5982-62p3

CVSS3: 5.5
github
больше 3 лет назад

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

fstec логотип

BDU:2021-04485

CVSS3: 5.5
fstec
больше 4 лет назад

Уязвимость функции ImfDeepScanLineInputFile() библиотеки OpenEXR, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 37%
0.00162
Низкий

5.5 Medium

CVSS3