Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-20296

Опубликовано: 01 апр. 2021
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 5
CVSS3: 5.3

Описание

A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

РелизСтатусПримечание
bionic

released

2.2.0-11.1ubuntu1.7
devel

not-affected

2.5.7-1
esm-apps/focal

released

2.3.0-6ubuntu0.5+esm1
esm-apps/jammy

not-affected

2.5.7-1
esm-apps/noble

not-affected

2.5.7-1
esm-infra-legacy/trusty

DNE

esm-infra/bionic

released

2.2.0-11.1ubuntu1.7
esm-infra/xenial

released

2.2.0-10ubuntu2.6+esm1
focal

ignored

end of standard support, was needed
groovy

ignored

end of life

Показывать по

Ссылки на источники

EPSS

Процентиль: 77%
0.01014
Низкий

5 Medium

CVSS2

5.3 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-20296

CVSS3: 5.3
redhat
почти 5 лет назад

A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

nvd логотип

CVE-2021-20296

CVSS3: 5.3
nvd
почти 5 лет назад

A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

debian логотип

CVE-2021-20296

CVSS3: 5.3
debian
почти 5 лет назад

A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted i ...

github логотип

GHSA-h585-99w7-8g9c

CVSS3: 5.3
github
больше 3 лет назад

A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

fstec логотип

BDU:2021-05210

CVSS3: 5.3
fstec
больше 5 лет назад

Уязвимость функции декомпрессии Dwa библиотеки IlmImf программного обеспечения для хранения изображений с широкими динамическими диапазоном яркости OpenEXR, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 77%
0.01014
Низкий

5 Medium

CVSS2

5.3 Medium

CVSS3