CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

Due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.

A vulnerability was found in Academy Software Foundation OpenEXR that requires a malicious EXR image file to be parsed by the target device or environment using OpenEXR. This issue occurs due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, allowing a read or write primitive based on the provided EXR file attributes.

• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI
• https://takeonme.org/cves/CVE-2023-5841.html
• https://access.redhat.com/security/cve/CVE-2023-5841
• https://bugzilla.redhat.com/show_bug.cgi?id=2262397

• CWE-122: Heap-based Buffer Overflow
• CWE-787: Out-of-bounds Write

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.

• https://access.redhat.com/security/cve/CVE-2021-20298
• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25913
• https://bugzilla.redhat.com/show_bug.cgi?id=1939156
• https://github.com/AcademySoftwareFoundation/openexr/commit/85fd638ae0d5fa132434f4cbf32590261c1dba97
• https://github.com/AcademySoftwareFoundation/openexr/pull/843
• https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html

• CWE-400: Uncontrolled Resource Consumption
• CWE-787: Out-of-bounds Write

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability.

• https://access.redhat.com/security/cve/CVE-2021-20304
• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26229
• https://bugzilla.redhat.com/show_bug.cgi?id=1939157
• https://github.com/AcademySoftwareFoundation/openexr/commit/51a92d67f53c08230734e74564c807043cbfe41e
• https://github.com/AcademySoftwareFoundation/openexr/pull/849
• https://security.gentoo.org/glsa/202210-31

• CWE-190: Integer Overflow or Wraparound

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25740
• https://bugzilla.redhat.com/show_bug.cgi?id=1939154
• https://github.com/AcademySoftwareFoundation/openexr/commit/25e9515b06a6bc293d871622b8cafaee7af84e0f
• https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html

• CWE-476: NULL Pointer Dereference

CVSS: 6.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

A flaw was found in the function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.

• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505
• https://bugzilla.redhat.com/show_bug.cgi?id=1939151
• https://github.com/AcademySoftwareFoundation/openexr/pull/831
• https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html

• CWE-190: Integer Overflow or Wraparound