CVE-2021-20303
04.03.2022, 18:15
A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| openexr | openexr | 𝑥 < 2.5.4 |
| debian | debian_linux | 10.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libIlmImf-2_2-23 |
| ||||||||||||||||||||||||||||||||||||||||||||
| libIlmImf-Imf_2_1-21 |
| ||||||||||||||||||||||||||||||||||||||||||||
| libIlmImfUtil-2_2-23 |
| ||||||||||||||||||||||||||||||||||||||||||||
| openexr |
| ||||||||||||||||||||||||||||||||||||||||||||
| openexr-devel |
|
References