CVE-2024-31047

EUVD-2024-28964
An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
Affected Products (NVD)
VendorProductVersion
openexropenexr
𝑥
< 3.2.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openexr
bookworm
no-dsa
bullseye
no-dsa
bullseye (security)
vulnerable
buster
ignored
forky
3.1.13-2
fixed
sid
3.1.13-2
fixed
trixie
3.1.13-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openexr
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
mantic
ignored
noble
needs-triage
oracular
ignored
plucky
needs-triage
questing
needs-triage
xenial
needs-triage
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
openexr
Amazon Linux 2023
0:3.1.5-1.amzn2023.0.5
fixed
openexr-debuginfo
Amazon Linux 2023
0:3.1.5-1.amzn2023.0.5
fixed
openexr-debugsource
Amazon Linux 2023
0:3.1.5-1.amzn2023.0.5
fixed
openexr-devel
Amazon Linux 2023
0:3.1.5-1.amzn2023.0.5
fixed
openexr-libs
Amazon Linux 2023
0:3.1.5-1.amzn2023.0.5
fixed
openexr-libs-debuginfo
Amazon Linux 2023
0:3.1.5-1.amzn2023.0.5
fixed