CVE-2021-23169
HIGHOpenEXR < 3.0.1 - Heap-Buffer Overflow in copyIntoFrameBuffer
Title source: llmDescription
A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.
References (4)
Core 4
Core References
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KYNJSMVA6YJY5NMKDZ5SAISKZG2KCKC/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXFLD4ZAXKAIWO6ZPBCQEEDZB5IG676K/
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202210-31
Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1947612
Scores
CVSS v3
8.8
EPSS
0.0229
EPSS Percentile
81.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (3)
fedoraproject/fedora
33
fedoraproject/fedora
34
openexr/openexr
< 3.0.1
Published
Jun 08, 2021
Tracked Since
Feb 18, 2026