Описание
There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2.2.0-11.1ubuntu1.6 |
| devel | not-affected | 2.5.7-1 |
| esm-apps/focal | released | 2.3.0-6ubuntu0.5 |
| esm-apps/jammy | not-affected | 2.5.7-1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | released | 2.2.0-11.1ubuntu1.6 |
| esm-infra/xenial | released | 2.2.0-10ubuntu2.6 |
| focal | released | 2.3.0-6ubuntu0.5 |
| groovy | released | 2.5.3-2ubuntu0.2 |
| hirsute | not-affected | 2.5.4-1 |
Показывать по
EPSS
4.3 Medium
CVSS2
5.5 Medium
CVSS3
Связанные уязвимости
There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.
There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.
There's a flaw in OpenEXR's scanline input file functionality in versi ...
There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.
Уязвимость реализации метода сжатия файла с использованием строки сканирования Zip (per scanline) (ImfScanLineInputFile.cpp) библиотеки OpenEXR, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
4.3 Medium
CVSS2
5.5 Medium
CVSS3