CVE-2021-23215
Description
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.106
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| tools for the OpenEXR image format (USN-4996-1) openexr_2.2.0-11.1ubuntu1.7_i386.deb | Linux |
| tools for the OpenEXR image format (USN-4996-1) openexr_2.2.0-11.1ubuntu1.7_amd64.deb | Linux |
| tools for the OpenEXR image format (USN-4996-1) libopenexr22_2.2.0-11.1ubuntu1.7_i386.deb | Linux |
| tools for the OpenEXR image format (USN-4996-1) libopenexr22_2.2.0-11.1ubuntu1.7_amd64.deb | Linux |
| openexr security update(DSA-5299-1) openexr_2.5.4-2+deb11u1_i386.deb | Linux |
| openexr security update(DSA-5299-1) openexr_2.5.4-2+deb11u1_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234