Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-3236-1:7D297
HistoryDec 11, 2022 - 11:52 p.m.

[SECURITY] [DLA 3236-1] openexr security update

2022-12-1123:52:53
lists.debian.org
23

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

52.0%

JSON

Debian LTS Advisory DLA-3236-1 [email protected]
https://www.debian.org/lts/security/ Markus Koschany
December 12, 2022 https://wiki.debian.org/LTS

Package : openexr
Version : 2.2.1-4.1+deb10u2
CVE ID : CVE-2020-16587 CVE-2020-16588 CVE-2020-16589 CVE-2021-3474
CVE-2021-3475 CVE-2021-3476 CVE-2021-3477 CVE-2021-3478
CVE-2021-3479 CVE-2021-3598 CVE-2021-3605 CVE-2021-3933
CVE-2021-3941 CVE-2021-20296 CVE-2021-20298 CVE-2021-20299
CVE-2021-20300 CVE-2021-20302 CVE-2021-20303 CVE-2021-23215
CVE-2021-26260 CVE-2021-45942
Debian Bug : 986796 992703 990450 990899 1014828

Multiple security vulnerabilities have been found in OpenEXR, command-line
tools and a library for the OpenEXR image format. Buffer overflows or
out-of-bound reads could lead to a denial of service (application crash) if
a malformed image file is processed.

For Debian 10 buster, these problems have been fixed in version
2.2.1-4.1+deb10u2.

We recommend that you upgrade your openexr packages.

For the detailed security status of openexr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openexr

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: This is a digitally signed message part

OSVersionArchitecturePackageVersionFilename
Debian9armellibopenexr22< 2.2.0-11+deb9u3libopenexr22_2.2.0-11+deb9u3_armel.deb
Debian9allopenexr-doc< 2.2.0-11+deb9u3openexr-doc_2.2.0-11+deb9u3_all.deb
Debian9i386libopenexr22< 2.2.0-11+deb9u3libopenexr22_2.2.0-11+deb9u3_i386.deb
Debian9amd64openexr< 2.2.0-11+deb9u3openexr_2.2.0-11+deb9u3_amd64.deb
Debian10armhflibopenexr23< 2.2.1-4.1+deb10u2libopenexr23_2.2.1-4.1+deb10u2_armhf.deb
Debian9armellibopenexr-dev< 2.2.0-11+deb9u3libopenexr-dev_2.2.0-11+deb9u3_armel.deb
Debian9amd64libopenexr22< 2.2.0-11+deb9u3libopenexr22_2.2.0-11+deb9u3_amd64.deb
Debian9i386openexr< 2.2.0-11+deb9u3openexr_2.2.0-11+deb9u3_i386.deb
Debian9arm64openexr< 2.2.0-11+deb9u3openexr_2.2.0-11+deb9u3_arm64.deb
Debian9armelopenexr< 2.2.0-11+deb9u3openexr_2.2.0-11+deb9u3_armel.deb
Rows per page:
1-10 of 311

Related

openvas 48
nessus 50
osv 16
debian 4
mageia 4
ubuntu 5
freebsd 1
suse 11
cloudfoundry 3
rosalinux 2
amazon 1
gentoo 2
veracode 6
debiancve 7
prion 9
alpinelinux 2
cve 8
ubuntucve 6
fedora 5
cnvd 4
redhatcve 5
openvas
openvas
Debian: Security Advisory (DLA-3236-1)
2022-12-12 00:00:00
Debian: Security Advisory (DLA-2701-1)
2021-07-04 00:00:00
Debian: Security Advisory (DSA-5299-1)
2022-12-12 00:00:00
nessus
nessus
Debian DLA-3236-1 : openexr - LTS security update
2022-12-19 00:00:00
Debian DLA-2701-1 : openexr - LTS security update
2021-07-03 00:00:00
Debian DSA-5299-1 : openexr - security update
2022-12-11 00:00:00
osv
osv
openexr - security update
2022-12-12 00:00:00
openexr - security update
2021-07-03 00:00:00
openexr - security update
2022-12-10 00:00:00
debian
debian
[SECURITY] [DLA 2701-1] openexr security update
2021-07-03 18:16:01
[SECURITY] [DSA 5299-1] openexr security update
2022-12-10 16:27:46
[SECURITY] [DLA 2732-1] openexr security update
2021-08-04 19:53:02
mageia
mageia
Updated openexr packages fix security vulnerabilities
2021-07-10 15:56:54
Updated openexr packages fix security vulnerability
2021-11-25 16:06:13
Updated openexr packages fix security vulnerabilities
2021-01-10 22:46:12
ubuntu
ubuntu
OpenEXR vulnerabilities
2022-09-20 00:00:00
OpenEXR vulnerabilities
2021-04-01 00:00:00
OpenEXR vulnerabilities
2021-06-22 00:00:00
freebsd
freebsd
openexr, ilmbase -- security fixes related to reading corrupted input files
2021-02-12 00:00:00
suse
suse
Security update for openexr (important)
2021-08-20 00:00:00
Security update for openexr (important)
2021-08-26 00:00:00
Security update for openexr (important)
2021-05-05 00:00:00
cloudfoundry
cloudfoundry
USN-4900-1: OpenEXR vulnerabilities | Cloud Foundry
2021-04-29 00:00:00
USN-4996-1: OpenEXR vulnerabilities | Cloud Foundry
2021-07-08 00:00:00
USN-4676-1: OpenEXR vulnerabilities | Cloud Foundry
2021-02-10 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2248
2023-10-17 12:58:34
Advisory ROSA-SA-2023-2247
2023-10-17 12:52:56
amazon
amazon
Medium: OpenEXR
2023-06-05 16:39:00
gentoo
gentoo
OpenEXR: Multiple Vulnerabilities
2022-10-31 00:00:00
OpenEXR: Multiple vulnerabilities
2021-07-11 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-07-11 10:12:19
Denial Of Service (DoS)
2022-02-11 13:33:56
Denial Of Service (DoS)
2021-07-17 14:11:16
debiancve
debiancve
CVE-2021-26260
2021-06-08 12:15:00
CVE-2021-20296
2021-04-01 14:15:00
CVE-2021-20302
2022-03-04 18:15:00
prion
prion
Integer overflow
2021-06-08 12:15:00
Null pointer dereference
2022-03-16 15:15:00
Integer overflow
2022-03-04 18:15:00
alpinelinux
alpinelinux
CVE-2021-26260
2021-06-08 12:15:00
CVE-2021-45942
2022-01-01 01:15:00
cve
cve
CVE-2021-26260
2021-06-08 12:15:00
CVE-2021-20299
2022-03-16 15:15:00
CVE-2021-20300
2022-03-04 18:15:00
ubuntucve
ubuntucve
CVE-2021-26260
2021-06-08 00:00:00
CVE-2021-20298
2022-08-23 00:00:00
CVE-2020-16589
2020-12-09 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: openexr-3.1.4-1.fc35
2022-03-18 20:07:24
[SECURITY] Fedora 36 Update: openexr-3.1.4-1.fc36
2022-03-26 15:46:43
[SECURITY] Fedora 34 Update: mingw-openexr-2.5.5-4.fc34
2022-02-06 02:03:01
cnvd
cnvd
ILM OpenEXR Buffer Overflow Vulnerability
2022-01-05 00:00:00
Industrial Light and Magic Academy Software Foundation OpenEXR code issue vulnerability
2020-12-15 00:00:00
Industrial Light And Magic Academy Software Foundation OpenEXR Buffer Overflow Vulnerability (CNVD-2022-19857)
2020-12-15 00:00:00
redhatcve
redhatcve
CVE-2021-20302
2021-07-14 18:22:02
CVE-2021-20299
2021-07-15 12:57:01
CVE-2020-16589
2021-02-16 17:03:58

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

52.0%

JSON
Related for DEBIAN:DLA-3236-1:7D297
openvas48nessus50osv16debian4mageia4ubuntu5freebsd1suse11cloudfoundry3rosalinux2amazon1gentoo2veracode6debiancve7prion9alpinelinux2cve8ubuntucve6fedora5cnvd4redhatcve5