CVE-2021-23169

Name
CVE-2021-23169
Description
A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.
NVD Severity
high
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BXFLD4ZAXKAIWO6ZPBCQEEDZB5IG676K/
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1947612
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KYNJSMVA6YJY5NMKDZ5SAISKZG2KCKC/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:* openexr >= None < 3.0.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
openexr 3.13-community 2.5.4-r0 Mark Riedesel <mark+alpine@klowner.com> possibly vulnerable
openexr 3.14-community 2.5.5-r3 Mark Riedesel <mark+alpine@klowner.com> possibly vulnerable
openexr edge-community 2.5.7-r0 Mark Riedesel <mark+alpine@klowner.com> possibly vulnerable