Home

CVE-2021-3933

Description

An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.53

Associated Vulnerability

VulnerabilityOS Platform
tools for the OpenEXR image format (USN-5144-1) openexr_2.2.0-11.1ubuntu1.8_i386.debLinux
tools for the OpenEXR image format (USN-5144-1) openexr_2.2.0-11.1ubuntu1.8_amd64.debLinux
tools for the OpenEXR image format (USN-5144-1) libopenexr22_2.2.0-11.1ubuntu1.8_i386.debLinux
tools for the OpenEXR image format (USN-5144-1) libopenexr22_2.2.0-11.1ubuntu1.8_amd64.debLinux
SUSE-SU-2021:3843-1(SUSE Linux Enterprise Server 12-SP5 ) libIlmImf-Imf_2_1-21-2.1.0-6.42.1.x86_64.rpmLinux
SUSE-SU-2021:3843-1(SUSE Linux Enterprise Server 12-SP5 ) libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.42.1.x86_64.rpmLinux
SUSE-SU-2021:3843-1(SUSE Linux Enterprise Server 12-SP5 ) openexr-2.1.0-6.42.1.x86_64.rpmLinux
SUSE-SU-2021:3843-1(SUSE Linux Enterprise Server 12-SP5 ) openexr-debuginfo-2.1.0-6.42.1.x86_64.rpmLinux
SUSE-SU-2021:3843-1(SUSE Linux Enterprise Server 12-SP5 ) openexr-debugsource-2.1.0-6.42.1.x86_64.rpmLinux
openexr security update(DSA-5299-1) openexr_2.5.4-2+deb11u1_i386.debLinux
openexr security update(DSA-5299-1) openexr_2.5.4-2+deb11u1_amd64.debLinux
openexr Security Update (ALAS2023-2023-022) openexr-3.1.5-1.amzn2023.0.3.x86_64.rpmLinux
openexr Security Update (ALAS2023-2023-022) openexr-devel-3.1.5-1.amzn2023.0.3.x86_64.rpmLinux
openexr Security Update (ALAS2023-2023-022) openexr-libs-3.1.5-1.amzn2023.0.3.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234