7.5

CVE-2021-20298

A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenexrOpenexr Version <= 2.5.7
DebianDebian Linux Version10.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.22% 0.649
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html
Third Party Advisory
Mailing List
https://access.redhat.com/security/cve/CVE-2021-20298
Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25913
Third Party Advisory
Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=1939156
Third Party Advisory
Issue Tracking
https://github.com/AcademySoftwareFoundation/openexr/commit/85fd638ae0d5fa132434f4cbf32590261c1dba97
Patch
Third Party Advisory
https://github.com/AcademySoftwareFoundation/openexr/pull/843
Patch
Third Party Advisory