Описание
A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | code not present |
| devel | not-affected | 2.5.7-1 |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | not-affected | 2.5.7-1 |
| esm-apps/noble | not-affected | 2.5.7-1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | code not present |
| esm-infra/xenial | not-affected | code not present |
| focal | ignored | end of standard support, was needs-triage |
| groovy | ignored | end of life |
Показывать по
Ссылки на источники
EPSS
6.8 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.
A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.
A heap-buffer overflow was found in the copyIntoFrameBuffer function o ...
A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.
Уязвимость функции copyIntoFrameBuffer программного обеспечения для хранения изображений с широкими динамическими диапазоном яркости OpenEXR, связанная с записью за границами буфера, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
EPSS
6.8 Medium
CVSS2
8.8 High
CVSS3