Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-3477

Опубликовано: 31 мар. 2021
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 4.3
CVSS3: 5.5

Описание

There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.

РелизСтатусПримечание
bionic

released

2.2.0-11.1ubuntu1.6
devel

not-affected

2.5.7-1
esm-apps/focal

released

2.3.0-6ubuntu0.5
esm-apps/jammy

not-affected

2.5.7-1
esm-infra-legacy/trusty

DNE

esm-infra/bionic

released

2.2.0-11.1ubuntu1.6
esm-infra/xenial

released

2.2.0-10ubuntu2.6
focal

released

2.3.0-6ubuntu0.5
groovy

released

2.5.3-2ubuntu0.2
hirsute

not-affected

2.5.4-1

Показывать по

Ссылки на источники

EPSS

Процентиль: 66%
0.00507
Низкий

4.3 Medium

CVSS2

5.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-3477

CVSS3: 5.5
redhat
почти 5 лет назад

There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.

nvd логотип

CVE-2021-3477

CVSS3: 5.5
nvd
почти 5 лет назад

There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.

debian логотип

CVE-2021-3477

CVSS3: 5.5
debian
почти 5 лет назад

There's a flaw in OpenEXR's deep tile sample size calculations in vers ...

github логотип

GHSA-wr39-hjqv-c783

CVSS3: 5.5
github
больше 3 лет назад

There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.

fstec логотип

BDU:2021-01977

CVSS3: 5.5
fstec
больше 5 лет назад

Уязвимость функции DeepTiledInputFile::initialize() (src/lib/OpenEXR/ImfDeepTiledInputFile.cpp) библиотеки OpenEXR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

EPSS

Процентиль: 66%
0.00507
Низкий

4.3 Medium

CVSS2

5.5 Medium

CVSS3