CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26945
https://notcve.org/view.php?id=CVE-2021-26945
An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. Se ha encontrado un desbordamiento de enteros que conlleva un desbordamiento del búfer de la pila en OpenEXR en versiones anteriores a 3.0.1. Un atacante podría usar este fallo para bloquear una aplicación compilada con OpenEXR • https://bugzilla.redhat.com/show_bug.cgi?id=1947591 • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-26260
https://notcve.org/view.php?id=CVE-2021-26260
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215. Se encontró un desbordamiento de enteros que conlleva un desbordamiento del búfer de la pila en el DwaCompressor de OpenEXR en versiones anteriores a 3.0.1. Un atacante podría usar este fallo para bloquear una aplicación compilada con OpenEXR. • https://bugzilla.redhat.com/show_bug.cgi?id=1947582 https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXFLD4ZAXKAIWO6ZPBCQEEDZB5IG676K https://www.debian.org/security/2022/dsa-5299 • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-23169
https://notcve.org/view.php?id=CVE-2021-23169
A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR. Se encontró un desbordamiento del búfer de la pila en la función copyIntoFrameBuffer de OpenEXR en versiones anteriores a 3.0.1. Un atacante podría usar este fallo para ejecutar código arbitrario con los permisos del usuario que ejecuta la aplicación compilada con OpenEXR • https://bugzilla.redhat.com/show_bug.cgi?id=1947612 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KYNJSMVA6YJY5NMKDZ5SAISKZG2KCKC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXFLD4ZAXKAIWO6ZPBCQEEDZB5IG676K https://security.gentoo.org/glsa/202210-31 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-23215
https://notcve.org/view.php?id=CVE-2021-23215
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. Se ha encontrado un desbordamiento de enteros que conlleva un desbordamiento del búfer de la pila en el DwaCompressor de OpenEXR en versiones anteriores a 3.0.1. Un atacante podría usar este fallo para bloquear una aplicación compilada con OpenEXR • https://bugzilla.redhat.com/show_bug.cgi?id=1947586 https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXFLD4ZAXKAIWO6ZPBCQEEDZB5IG676K https://www.debian.org/security/2022/dsa-5299 • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20296
https://notcve.org/view.php?id=CVE-2021-20296
A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability. Se encontró un fallo en OpenEXR en versiones anteriores a 3.0.0-beta. Un archivo de entrada diseñado proporcionado por un atacante, que es procesado por la funcionalidad de decompresión Dwa de la biblioteca IlmImf de OpenEXR, podría causar una desreferencia del puntero NULL. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854 https://bugzilla.redhat.com/show_bug.cgi?id=1939141 https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html https://security.gentoo.org/glsa/202107-27 • CWE-476: NULL Pointer Dereference •