CVE-2021-23169
Published: 8 June 2021
A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.
Priority
CVSS 3 base score: 8.8
Status
Package | Release | Status |
---|---|---|
openexr | bionic | Not vulnerable (code not present) |
openexr | focal | Needs triage |
openexr | groovy | Ignored (reached end-of-life) |
openexr | hirsute | Ignored (reached end-of-life) |
openexr | impish | Not vulnerable (2.5.4-2) |
openexr | jammy | Not vulnerable (2.5.7-1) |
openexr | precise | Does not exist |
openexr | trusty | Does not exist |
openexr | upstream | Released (2.5.4-2) |
openexr | xenial | Not vulnerable (code not present) |
Notes
Author | Note |
---|---|
mdeslaur | it looks like the fix for this issue actually went into the exrcheck tool used by the fuzzer |