PT-2021-17191 · Openexr+2 · Openexr+2

Pedro Sampaio

Published

2021-06-08

Updated

2023-10-17

CVE-2021-26945

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 3.0.1

Description: An integer overflow leading to a heap-buffer overflow was found in OpenEXR. This issue could be exploited by an attacker to crash an application compiled with OpenEXR.

Recommendations: For versions prior to 3.0.1, update to version 3.0.1 or later to resolve the issue.

Fix

Integer Overflow

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-400

Related Identifiers

ALT-PU-2023-1408

AZL-45207

CVE-2021-26945

ROSA-SA-2023-2247

Affected Products

Alt Linux

Debian

Openexr

PT-2021-17191 · Openexr+2 · Openexr+2

CVE-2021-26945

Weakness Enumeration

Related Identifiers

Affected Products

References · 11