18 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-3479
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEX...
Advisory ROSA-SA-2023-2248
software: openexr 2.5.8 OS: ROSA-CHROME packageevrstring: openexr-2.5.8-1.src.rpm CVE-ID: CVE-2021-3477 BDU-ID: 2021-01977 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the DeepTiledInputFile::initialize function src/lib/OpenEXR/ImfDeepTiledInputFile.cpp of the OpenEXR library is related to...
Amazon Linux 2 : OpenEXR (ALAS-2023-2241)
The version of OpenEXR installed on the remote host is prior to 1.7.1-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2241 advisory. There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted...
Medium: OpenEXR
Issue Overview: There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability. CVE-2021-3479 Affected...
[SECURITY] [DLA 3236-1] openexr security update
Debian LTS Advisory DLA-3236-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany December 12, 2022 https://wiki.debian.org/LTS Package : openexr Version : 2.2.1-4.1+deb10u2 CVE ID : CVE-2020-16587 CVE-2020-16588 CVE-2020-16589 CVE-2021-3474 CVE-2021-3475 CVE-2021-34...
GLSA-202107-27 : OpenEXR: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202107-27 OpenEXR: Multiple vulnerabilities Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for detail...
Updated openexr packages fix security vulnerabilities
Updated openexr packages fix security vulnerabilities: It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code...
[SECURITY] [DLA 2701-1] openexr security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2701-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler July 03, 2021 https://wiki.debian.org/LTS -...
SUSE SLED12: libIlmImf-Imf_2_1-21 / libIlmImf-Imf_2_1-21-32bit / openexr / etc (SUSE-SU-2021:2159-1)
The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2159-1 advisory. - Fixed CVE-2021-3479 bsc1184354: Out-of-memory caused by allocation of a very large buffer - Fixed CVE-2021-3605...
SUSE: Security Advisory (SUSE-SU-2021:2159-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2021:2159-1 Security update for openexr
This update for openexr fixes the following issues: - Fixed CVE-2021-3479 bsc1184354: Out-of-memory caused by allocation of a very large buffer - Fixed CVE-2021-3605 bsc1187395: Heap buffer overflow in the rleUncompress function - Fixed CVE-2021-3598 bsc1187310: Heap buffer overflow in...
SUSE: Security Advisory (SUSE-SU-2021:14757-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2021:1489-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : openexr (openSUSE-2021-670)
This update for openexr fixes the following issues : - CVE-2021-23215: Fixed an integer-overflow in Imf25:DwaCompressor:initializeBuffers bsc1185216. - CVE-2021-26260: Fixed an Integer-overflow in Imf25:DwaCompressor:initializeBuffers bsc1185217. - CVE-2021-20296: Fixed a NULL pointer dereference...
USN-4900-1: OpenEXR vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or...
CVE-2021-3479
There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability...
CVE-2021-3479
CVE-2021-3479 is a vulnerability in OpenEXR’s Scanline API. The flaw affects OpenEXR versions prior to 3.0.0-beta where processing a crafted EXR file can trigger excessive memory consumption, resulting in a denial of service (system availability impact). Connected advisories confirm real-world re...
FreeBSD : openexr, ilmbase -- security fixes related to reading corrupted input files (98044aba-6d72-11eb-aed7-1b1b8a70cc8b)
Cary Phillips reports : Patch release with various bug/sanitizer/security fixes, primarily related to reading corrupted input files.... C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2021...