10 matches found
Ubuntu: Security Advisory (USN-6602-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
USN-6577-1: Linux kernel (AWS) vulnerabilities
Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. CVE-2023-20588 It was discovered...
Ubuntu: Security Advisory (USN-6384-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
USN-6384-1: Linux kernel (OEM) vulnerabilities
Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. CVE-2023-20588 Lonial Con discover...
Amazon Linux 2022 : openexr (ALAS2022-2022-216)
The version of openexr installed on the remote host is prior to 3.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-216 advisory. - An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause...
CVE-2021-3941
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y; and chroma.green.y * (X + Z))) / d; but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition whi...
Design/Logic Flaw
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y; and chroma.green.y * (X + Z))) / d; but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition whi...
CVE-2021-3941
OpenEXR vulnerability CVE-2021-3941 involves a divide-by-zero in ImfChromaticities.cpp RGBtoXYZ() when computing Z and related values, risking availability of programs linked with OpenEXR. Connected advisories (Astra Linux, Debian/Ubuntu disclosures, and global advisories) confirm OpenEXR as affe...
SUSE SLED15 / SLES15 Security Update : openexr (SUSE-SU-2021:3844-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3844-1 advisory. - An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid...
Ubuntu 16.04 ESM / 18.04 LTS : OpenEXR vulnerability (USN-5150-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5150-1 advisory. It was discovered that OpenEXR incorrectly handled certain EXR image files. An attacker could possibly use this issue to cause a crash. Tenable has...