CVE-2021-23169
Published: 8 June 2021
A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.
Priority
Negligible
CVSS 3 base score: 8.8
Status
| Package | Release | Status |
|---|---|---|
|
openexr Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| focal |
Needs triage
|
|
| groovy |
Ignored
(reached end-of-life)
|
|
| hirsute |
Ignored
(reached end-of-life)
|
|
| impish |
Not vulnerable
(2.5.4-2)
|
|
| jammy |
Not vulnerable
(2.5.7-1)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(2.5.4-2)
|
|
| xenial |
Not vulnerable
(code not present)
|
Notes
| Author | Note |
|---|---|
| mdeslaur | it looks like the fix for this issue actually went into the exrcheck tool used by the fuzzer |