CVE-2021-20298
23.08.2022, 16:15
A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| openexr | openexr | 𝑥 ≤ 2.5.7 |
| debian | debian_linux | 10.0 |
𝑥 = Vulnerable software versions
openSUSE / SLES Releases
| openSUSE Product |
|---|
| libIlmImf-2_2-23 |
| libIlmImf-Imf_2_1-21 |
| libIlmImfUtil-2_2-23 |
| openexr |
| openexr-devel |
Common Weakness Enumeration
- CWE-400 - Uncontrolled Resource Consumption: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
- CWE-787 - Out-of-bounds Write: The software writes data past the end, or before the beginning, of the intended buffer.