CVE-2021-23215

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions OpenEXR versions prior to 3.0.1

Description The issue is related to an integer overflow leading to a heap-buffer overflow in the DwaCompressor component of OpenEXR. This flaw can be exploited by an attacker to crash an application compiled with OpenEXR, resulting in a denial of service. The vulnerability can be exploited remotely.

Recommendations For versions prior to 3.0.1, update to version 3.0.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the DwaCompressor component until a patch is applied.

Fix

Integer Overflow

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-400

Related Identifiers

ALT-PU-2023-1408

AZL-44532

BDU:2021-05278

CVE-2021-23215

DLA-2701-1

DLA-3236-1

DSA-5299-1

MGASA-2021-0326

OESA-2021-1238

OPENSUSE-SU-2021:0670-1

OPENSUSE-SU-2021_0670-1

ROSA-SA-2023-2247

SUSE-SU-2021:1489-1

SUSE-SU-2021_1489-1

USN-4996-1

USN-4996-2

USN-5620-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Openexr

Suse

Ubuntu

CVE-2021-23215

Weakness Enumeration

Related Identifiers

Affected Products

References · 68