Your submission was sent successfully! Close

CVE-2021-23215

Published: 8 June 2021

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
openexr
Launchpad, Ubuntu, Debian
bionic
Released (2.2.0-11.1ubuntu1.7)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Not vulnerable
(2.5.7-1)
precise Does not exist

trusty Does not exist

upstream
Released (2.5.7-1)
xenial
Released (2.2.0-10ubuntu2.6+esm1)