CVE-2021-20296
Description
A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXRs IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
Exploitation Probability
1.014
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| tools for the OpenEXR image format (USN-4996-1) openexr_2.2.0-11.1ubuntu1.7_i386.deb | Linux |
| tools for the OpenEXR image format (USN-4996-1) openexr_2.2.0-11.1ubuntu1.7_amd64.deb | Linux |
| tools for the OpenEXR image format (USN-4996-1) libopenexr22_2.2.0-11.1ubuntu1.7_i386.deb | Linux |
| tools for the OpenEXR image format (USN-4996-1) libopenexr22_2.2.0-11.1ubuntu1.7_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234