CVE-2021-3605: There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked…

CVE-2021-23215 [MEDIUM] OpenEXR vulnerabilities Title: OpenEXR vulnerabilities Summary: Several security issues were fixed in OpenEXR. It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. These issues only affected Ubuntu 20.04 ESM. (CVE-2021-3598, CVE-2021-3605, CVE-2021-20296, CVE-2021-23215, CVE-2021-26260) It was discovered that OpenEXR incorrectly handled certain EXR image files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2021-3933) It was discovered that OpenEXR incorrectly handled certain EXR image files. An attacker could possibly use this issue to cause a crash. (CVE-2021-3941) Instructions: In ge

CVE-2021-3605 OpenEXR vulnerabilities Title: OpenEXR vulnerabilities Summary: Several security issues were fixed in OpenEXR. USN-4996-1 fixed several vulnerabilities in OpenEXR. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. Instructions: In general, a standard system update will make all the necessary changes.

CVE-2021-3605 OpenEXR vulnerabilities Title: OpenEXR vulnerabilities Summary: Several security issues were fixed in OpenEXR. It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. Instructions: In general, a standard system update will make all the necessary changes.

CVE-2021-3605 [MEDIUM] CWE-119 OpenEXR: Heap buffer overflow in the rleUncompress function OpenEXR: Heap buffer overflow in the rleUncompress function There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. There's a flaw in OpenEXR's rleUncompress functionality. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. Package: OpenEXR (Red Hat Enterprise Linux 6) - Out of support scope Package: OpenEXR (Red Hat Enterprise Linux 7) - Out of support scope Package: gimp:flatpak/OpenEXR (Red Hat Enterprise Linux 8) - Fix deferred Package

CVE-2021-3605 [MEDIUM] CVE-2021-3605: openexr - There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0... There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. Scope: local bookworm: resolved (fixed in 2.5.7-1) bullseye: resolved (fixed in 2.5.4-2+deb11u1) forky: resolved (fixed in 2.5.7-1) sid: resolved (fixed in 2.5.7-1) trixie: resolved (fixed in 2.5.7-1)

CVE-2021-3598 [MEDIUM] openexr vulnerabilities openexr vulnerabilities It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. These issues only affected Ubuntu 20.04 ESM. (CVE-2021-3598, CVE-2021-3605, CVE-2021-20296, CVE-2021-23215, CVE-2021-26260) It was discovered that OpenEXR incorrectly handled certain EXR image files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2021-3933) It was discovered that OpenEXR incorrectly handled certain EXR image files. An attacker could possibly use this issue to cause a crash. (CVE-2021-3941)

CVE-2021-3605 [MEDIUM] CWE-119 GHSA-c2vj-fxvp-674h: There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3 There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

CVE-2021-3605 [MEDIUM] CVE-2021-3605: There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3 There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.