Page 2 of 37 results (0.009 seconds)

CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-20300

https://notcve.org/view.php?id=CVE-2021-20300

A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en la funcionalidad hufUncompress de OpenEXR en el archivo OpenEXR/IlmImf/ImfHuf.cpp. Este fallo permite a un atacante que pueda enviar un archivo diseñado que sea procesado por OpenEXR, para desencadenar un desbordamiento de enteros. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25562 https://bugzilla.redhat.com/show_bug.cgi?id=1939153 https://github.com/AcademySoftwareFoundation/openexr/pull/836 https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-20302

https://notcve.org/view.php?id=CVE-2021-20302

A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en la funcionalidad TiledInputFile de OpenEXR. Este fallo permite a un atacante que pueda enviar una imagen no diseñada de una sola parte para que sea procesada por OpenEXR, para desencadenar un error de excepción de punto flotante. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25894 https://bugzilla.redhat.com/show_bug.cgi?id=1939161 https://github.com/AcademySoftwareFoundation/openexr/pull/842 https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2021-3933

https://notcve.org/view.php?id=CVE-2021-3933

An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths. Podría producirse un desbordamiento de enteros cuando OpenEXR procesa un archivo diseñado en sistemas donde size_t es menor a 64 bits. Esto podría causar un valor no válido de bytesPerLine y maxBytesPerLine, lo que podría conllevar a problemas con la estabilidad de la aplicación o conducir a otras vías de ataque • https://bugzilla.redhat.com/show_bug.cgi?id=2019783 https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN https://security.gentoo.org/glsa/202210-31 https://www.debian.org/security/2022/dsa-5299 • CWE-190: Integer Overflow or Wraparound •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1

CVE-2021-3598

https://notcve.org/view.php?id=CVE-2021-3598

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. Se presenta un fallo en la funcionalidad ImfDeepScanLineInputFile de OpenEXR en versiones anteriores a 3.0.5. Un atacante que sea capaz de enviar un archivo diseñado a una aplicación enlazada con OpenEXR podría causar una lectura fuera de límites. • https://bugzilla.redhat.com/show_bug.cgi?id=1970987 https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html https://security.gentoo.org/glsa/202210-31 https://www.debian.org/security/2022/dsa-5299 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2021-3605

https://notcve.org/view.php?id=CVE-2021-3605

There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. Se presenta un fallo en la funcionalidad rleUncompress de OpenEXR en versiones anteriores a 3.0.5. Un atacante que sea capaz de enviar un archivo diseñado a una aplicación enlazada con OpenEXR podría causar una lectura fuera de límites. • https://bugzilla.redhat.com/show_bug.cgi?id=1970991 https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html https://security.gentoo.org/glsa/202210-31 https://www.debian.org/security/2022/dsa-5299 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •