Vulnerability Details CVE-2021-23215
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.0%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1947586
- https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html
- https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXFLD4ZAXKAIWO6ZPBCQEEDZB5IG676K/
- https://www.debian.org/security/2022/dsa-5299
- https://bugzilla.redhat.com/show_bug.cgi?id=1947586
- https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html
- https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXFLD4ZAXKAIWO6ZPBCQEEDZB5IG676K/
- https://www.debian.org/security/2022/dsa-5299
Products affected by CVE-2021-23215
-
cpe:2.3:a:openexr:openexr:-
-
cpe:2.3:a:openexr:openexr:1.0
-
cpe:2.3:a:openexr:openexr:1.0.1
-
cpe:2.3:a:openexr:openexr:1.0.2
-
cpe:2.3:a:openexr:openexr:1.0.3
-
cpe:2.3:a:openexr:openexr:1.0.4
-
cpe:2.3:a:openexr:openexr:1.0.5
-
cpe:2.3:a:openexr:openexr:1.0.6
-
cpe:2.3:a:openexr:openexr:1.0.7
-
cpe:2.3:a:openexr:openexr:1.1.0
-
cpe:2.3:a:openexr:openexr:1.1.1
-
cpe:2.3:a:openexr:openexr:1.2.1
-
cpe:2.3:a:openexr:openexr:1.2.2
-
cpe:2.3:a:openexr:openexr:1.3.0
-
cpe:2.3:a:openexr:openexr:1.3.1
-
cpe:2.3:a:openexr:openexr:1.3.2
-
cpe:2.3:a:openexr:openexr:1.4.0
-
cpe:2.3:a:openexr:openexr:1.5.0
-
cpe:2.3:a:openexr:openexr:1.6.0
-
cpe:2.3:a:openexr:openexr:1.6.1
-
cpe:2.3:a:openexr:openexr:1.7.0
-
cpe:2.3:a:openexr:openexr:1.7.1
-
cpe:2.3:a:openexr:openexr:2.0.0
-
cpe:2.3:a:openexr:openexr:2.0.1
-
cpe:2.3:a:openexr:openexr:2.1.0
-
cpe:2.3:a:openexr:openexr:2.2.0
-
cpe:2.3:a:openexr:openexr:2.2.1
-
cpe:2.3:a:openexr:openexr:2.2.2
-
cpe:2.3:a:openexr:openexr:2.3.0
-
cpe:2.3:a:openexr:openexr:2.4.0
-
cpe:2.3:a:openexr:openexr:2.4.1
-
cpe:2.3:a:openexr:openexr:2.4.2
-
cpe:2.3:a:openexr:openexr:2.4.3
-
cpe:2.3:a:openexr:openexr:2.5.0
-
cpe:2.3:a:openexr:openexr:2.5.1
-
cpe:2.3:a:openexr:openexr:2.5.10
-
cpe:2.3:a:openexr:openexr:2.5.2
-
cpe:2.3:a:openexr:openexr:2.5.3
-
cpe:2.3:a:openexr:openexr:2.5.4
-
cpe:2.3:a:openexr:openexr:2.5.5
-
cpe:2.3:a:openexr:openexr:2.5.6
-
cpe:2.3:a:openexr:openexr:2.5.7
-
cpe:2.3:a:openexr:openexr:2.5.8
-
cpe:2.3:a:openexr:openexr:2.5.9
-
cpe:2.3:a:openexr:openexr:3.0.0
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:11.0
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:fedoraproject:fedora:33