Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-20303

Опубликовано: 04 мар. 2022
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 5.8
CVSS3: 6.1

Описание

A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

not-affected

2.5.7-1
esm-apps/focal

needs-triage

esm-apps/jammy

not-affected

2.5.7-1
esm-apps/noble

not-affected

2.5.7-1
esm-infra-legacy/trusty

DNE

esm-infra/bionic

needs-triage

esm-infra/xenial

needs-triage

focal

ignored

end of standard support, was needs-triage
groovy

ignored

end of life

Показывать по

Ссылки на источники

EPSS

Процентиль: 33%
0.00132
Низкий

5.8 Medium

CVSS2

6.1 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-20303

CVSS3: 6.1
redhat
почти 5 лет назад

A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.

nvd логотип

CVE-2021-20303

CVSS3: 6.1
nvd
почти 4 года назад

A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.

debian логотип

CVE-2021-20303

CVSS3: 6.1
debian
почти 4 года назад

A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cp ...

github логотип

GHSA-vhq7-5jv5-9gwf

CVSS3: 6.1
github
почти 4 года назад

A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.

fstec логотип

BDU:2023-01699

CVSS3: 5.9
fstec
больше 5 лет назад

Уязвимость функции dataWindowForTile() компонента IlmImf/ImfTiledMisc.cpp программного обеспечения для хранения изображений с широкими динамическими диапазоном яркости OpenEXR, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании

EPSS

Процентиль: 33%
0.00132
Низкий

5.8 Medium

CVSS2

6.1 Medium

CVSS3