ROSA LABROSA-SA-2023-2247Advisory ROSA-SA-2023-2247
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.3 Medium
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
71.3%
software: openexr 2.5.8
OS: ROSA-CHROME
package_evr_string: openexr-2.5.8-1.src.rpm
CVE-ID: CVE-2021-23169
BDU-ID: 2021-04603
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the copyIntoFrameBuffer function of the OpenEXR wide dynamic range luminance image storage software is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data, compromise its integrity, and cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update openexr
CVE-ID: CVE-2021-23215
BDU-ID: 2021-05278
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the DwaCompressor component of the OpenEXR wide dynamic range luminance image storage software is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update openexr
CVE-ID: CVE-2021-26260
BDU-ID: 2021-05221
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the DwaCompressor component of the OpenEXR wide dynamic range luminance image storage software is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update openexr
CVE-ID: CVE-2021-26945
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: An integer overflow resulting in a heap buffer overflow was discovered in OpenEXR in versions prior to 3.0.1. An attacker could exploit this vulnerability to crash an application compiled with OpenEXR.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update openexr
CVE-ID: CVE-2021-3474
BDU-ID: 2021-01984
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the FastHufDecoder function of the OpenEXR library is related to integer overflow during input file processing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by opening specially crafted EXR files
CVE-STATUS: Fixed
CVE-REV: To close, run command: sudo dnf update openexr
CVE-ID: CVE-2021-3475
BDU-ID: 2021-01983
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the calculateNumTiles()(OpenEXR/IlmImf/ImfTiledMisc.cpp) function of the OpenEXR library is related to integer overflow during input file processing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by opening specially crafted EXR files
CVE-STATUS: Fixed
CVE-REV: To close, run command: sudo dnf update openexr
CVE-ID: CVE-2021-3476
BDU-ID: 2021-01978
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the B44 data compression function (OpenEXR/IlmImf/ImfB44Compressor.cpp) of the OpenEXR library is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by opening specially crafted EXR files
CVE-STATUS: Fixed
CVE-REV: To close, run command: sudo dnf update openexr
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.3 Medium
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
71.3%