CVE-2021-23169

Published: 8 June 2021

A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.

Priority

Negligible

CVSS 3 base score: 8.8

Status

Package: openexr (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Not vulnerable (code not present)
focal      Needs triage
groovy     Ignored (reached end-of-life)
hirsute    Ignored (reached end-of-life)
impish     Not vulnerable (2.5.4-2)
jammy      Not vulnerable (2.5.7-1)
precise    Does not exist
trusty     Does not exist
upstream   Released (2.5.4-2)
xenial     Not vulnerable (code not present)

Notes

Author: mdeslaur
Note: it looks like the fix for this issue actually went into the exrcheck tool used by the fuzzer
