
Advisory ROSA-SA-2023-2248

2023-10-17 12:58:34
ROSA LAB
abf.rosalinux.ru

CVSS3: 5.5 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score: 8.2 High
Confidence: High

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low
Percentile: 36.7%

software: openexr 2.5.8
OS: ROSA-CHROME

package_evr_string: openexr-2.5.8-1.src.rpm

CVE-ID: CVE-2021-3477
BDU-ID: 2021-01977
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the DeepTiledInputFile::initialize() function (src/lib/OpenEXR/ImfDeepTiledInputFile.cpp) of the OpenEXR library is related to integer overflow during input file processing. Exploitation of the vulnerability could allow an attacker to cause a denial of service or execute arbitrary code by opening specially crafted EXR files.
CVE-STATUS: Fixed
CVE-REV: To close the vulnerability, run the command: sudo dnf update openexr

CVE-ID: CVE-2021-3478
BDU-ID: 2021-01976
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the implementation of the Zip (per scanline) file compression method (ImfScanLineInputFile.cpp) of the OpenEXR library is related to uncontrolled resource consumption when processing the _data->linesInBuffer parameter. Exploitation of the vulnerability could allow an attacker to cause a denial of service by opening specially crafted EXR files.
CVE-STATUS: Fixed
CVE-REV: To close the vulnerability, run the command: sudo dnf update openexr

CVE-ID: CVE-2021-3479
BDU-ID: 2021-01975
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Scanline API of the OpenEXR library is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker to cause a denial of service by opening specially crafted EXR files.
CVE-STATUS: Fixed
CVE-REV: To close the vulnerability, run the command: sudo dnf update openexr

CVE-ID: CVE-2021-3598
BDU-ID: 2021-04485
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the ImfDeepScanLineInputFile() function of the OpenEXR library is caused by a buffer overflow. Exploitation of the vulnerability could allow an attacker to cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close the vulnerability, run the command: sudo dnf update openexr

CVE-ID: CVE-2021-3605
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: There is a flaw in OpenEXR’s rleUncompress function in versions prior to 3.0.5. An attacker who can send a crafted file to an OpenEXR-related application can cause a read outside the valid range. The greatest risk associated with this vulnerability is to application availability.
CVE-STATUS: Resolved
CVE-REV: To close the vulnerability, run the command: sudo dnf update openexr

CVE-ID: CVE-2021-3933
BDU-ID: 2023-01667
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the OpenEXR wide dynamic range luminance image storage software is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted file.
CVE-STATUS: Resolved
CVE-REV: To close the vulnerability, run the command: sudo dnf update openexr

OS | OS Version | Architecture | Package | Package Version | Filename
ROSA | any | noarch | openexr | < 2.5.8 | UNKNOWN
