CVE-2021-23215Uncontrolled Resource Consumption in Openexr

CWE-400Uncontrolled Resource ConsumptionCWE-190Integer Overflow or WraparoundCWE-191Integer Underflow (Wrap or Wraparound)14 documents6 sources
Severity
5.5MEDIUMNVD
OSV5.3
EPSS
0.1%
top 71.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
OpenexrDebian OpenexrDebian Linux+1 more
Timeline
PublishedJun 8
Latest updateSep 20

Description

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

debiandebian/openexr< openexr 2.5.7-1 (bookworm)
NVDopenexr/openexr< 3.0.1
Debianopenexr/openexr< 2.5.4-2+deb11u1+3
Ubuntuopenexr/openexr< 2.3.0-6ubuntu0.5+esm1+1
CVEListV5openexr/openexrOpenEXR 3.0.1

Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 33

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

5
OSV
openexr vulnerabilities2022-09-20
GHSA
GHSA-mr39-xfw3-r82c: An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 32022-05-24
GHSA
GHSA-4463-879q-57jx: An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 32022-05-24
OSV
CVE-2021-23215: An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 32021-06-08
OSV
CVE-2021-26260: An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 32021-06-08

📋Vendor Advisories

7
Ubuntu
OpenEXR vulnerabilities2022-09-20
Ubuntu
OpenEXR vulnerabilities2021-06-22
Ubuntu
OpenEXR vulnerabilities2021-06-22
Red Hat
OpenEXR: Integer-overflow in Imf_2_5::DwaCompressor::initializeBuffers2021-03-17
Red Hat
OpenEXR: Integer-overflow in Imf_2_5::DwaCompressor::initializeBuffers2021-03-17