CVE-2021-20296
Published: 01 April 2021
A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.
Priority
Low
CVSS 3 base score: 5.3
Status
| Package | Release | Status |
|---|---|---|
|
openexr Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Needed
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Ignored
(reached end-of-life)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Needed
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(2.2.0-11.1ubuntu1.7)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(2.2.0-10ubuntu2.6+esm1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
Patches: Upstream: https://github.com/AcademySoftwareFoundation/openexr/commit/b0c63c0b96eb9b0d3998f603e12f9f414fb0d44a |
||