Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-3236-1:7D297
HistoryDec 11, 2022 - 11:52 p.m.

[SECURITY] [DLA 3236-1] openexr security update

2022-12-1123:52:53
lists.debian.org
29
openexr
security update
debian 10 buster
buffer overflows
denial of service
cve-2020-16587
cve-2020-16588
cve-2020-16589
cve-2021-3474
cve-2021-3475
cve-2021-3476
cve-2021-3477
cve-2021-3478
cve-2021-3479
cve-2021-3598
cve-2021-3605
cve-2021-3933
cve-2021-3941
cve-2021-20296
cve-2021-20298
cve-2021-20299
cve-2021-20300
cve-2021-20302
cve-2021-20303
cve-2021-23215
cve-2021-26260
cve-2021-45942
lts advisory
debian security tracker

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.002

Percentile

61.9%

JSON

Debian LTS Advisory DLA-3236-1 [email protected]
https://www.debian.org/lts/security/ Markus Koschany
December 12, 2022 https://wiki.debian.org/LTS

Package : openexr
Version : 2.2.1-4.1+deb10u2
CVE ID : CVE-2020-16587 CVE-2020-16588 CVE-2020-16589 CVE-2021-3474
CVE-2021-3475 CVE-2021-3476 CVE-2021-3477 CVE-2021-3478
CVE-2021-3479 CVE-2021-3598 CVE-2021-3605 CVE-2021-3933
CVE-2021-3941 CVE-2021-20296 CVE-2021-20298 CVE-2021-20299
CVE-2021-20300 CVE-2021-20302 CVE-2021-20303 CVE-2021-23215
CVE-2021-26260 CVE-2021-45942
Debian Bug : 986796 992703 990450 990899 1014828

Multiple security vulnerabilities have been found in OpenEXR, command-line
tools and a library for the OpenEXR image format. Buffer overflows or
out-of-bound reads could lead to a denial of service (application crash) if
a malformed image file is processed.

For Debian 10 buster, these problems have been fixed in version
2.2.1-4.1+deb10u2.

We recommend that you upgrade your openexr packages.

For the detailed security status of openexr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openexr

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: This is a digitally signed message part

OSVersionArchitecturePackageVersionFilename
Debian10armhfopenexr< 2.2.1-4.1+deb10u2openexr_2.2.1-4.1+deb10u2_armhf.deb
Debian10arm64openexr< 2.2.1-4.1+deb10u2openexr_2.2.1-4.1+deb10u2_arm64.deb
Debian10amd64libopenexr-dev< 2.2.1-4.1+deb10u2libopenexr-dev_2.2.1-4.1+deb10u2_amd64.deb
Debian10amd64libopenexr23-dbgsym< 2.2.1-4.1+deb10u2libopenexr23-dbgsym_2.2.1-4.1+deb10u2_amd64.deb
Debian10amd64openexr< 2.2.1-4.1+deb10u2openexr_2.2.1-4.1+deb10u2_amd64.deb
Debian10allopenexr< 2.2.1-4.1+deb10u2openexr_2.2.1-4.1+deb10u2_all.deb
Debian9i386libopenexr-dev< 2.2.0-11+deb9u3libopenexr-dev_2.2.0-11+deb9u3_i386.deb
Debian10amd64openexr-dbgsym< 2.2.1-4.1+deb10u2openexr-dbgsym_2.2.1-4.1+deb10u2_amd64.deb
Debian9arm64libopenexr-dev< 2.2.0-11+deb9u3libopenexr-dev_2.2.0-11+deb9u3_arm64.deb
Debian10i386libopenexr-dev< 2.2.1-4.1+deb10u2libopenexr-dev_2.2.1-4.1+deb10u2_i386.deb
Rows per page:
1-10 of 391

Related

nessus 50
osv 16
openvas 46
debian 4
mageia 4
ubuntu 5
freebsd 1
suse 10
cloudfoundry 3
rosalinux 2
amazon 1
gentoo 2
veracode 4
debiancve 7
cve 7
cvelist 4
nvd 7
prion 6
alpinelinux 2
ubuntucve 6
fedora 5
redhatcve 6
cnvd 1
nessus
nessus
Debian DLA-3236-1 : openexr - LTS security update
2022-12-19 00:00:00
Debian DLA-2701-1 : openexr - LTS security update
2021-07-03 00:00:00
RHEL 8 : openexr (Unpatched Vulnerability)
2024-07-16 00:00:00
osv
osv
openexr - security update
2022-12-12 00:00:00
openexr - security update
2021-07-03 00:00:00
openexr vulnerabilities
2022-09-20 12:52:57
openvas
openvas
Debian: Security Advisory (DLA-3236-1)
2022-12-12 00:00:00
Debian: Security Advisory (DLA-2701-1)
2021-07-04 00:00:00
Mageia: Security Advisory (MGASA-2021-0326)
2022-01-28 00:00:00
debian
debian
[SECURITY] [DLA 2701-1] openexr security update
2021-07-03 18:16:01
[SECURITY] [DSA 5299-1] openexr security update
2022-12-10 16:27:46
[SECURITY] [DLA 2732-1] openexr security update
2021-08-04 19:53:02
mageia
mageia
Updated openexr packages fix security vulnerabilities
2021-07-10 15:56:54
Updated openexr packages fix security vulnerability
2021-11-25 16:06:13
Updated openexr packages fix security vulnerabilities
2021-01-10 22:46:12
ubuntu
ubuntu
OpenEXR vulnerabilities
2022-09-20 00:00:00
OpenEXR vulnerabilities
2021-04-01 00:00:00
OpenEXR vulnerabilities
2021-06-22 00:00:00
freebsd
freebsd
openexr, ilmbase -- security fixes related to reading corrupted input files
2021-02-12 00:00:00
suse
suse
Security update for openexr (important)
2021-08-20 00:00:00
Security update for openexr (important)
2021-08-26 00:00:00
Security update for openexr (important)
2021-05-05 00:00:00
cloudfoundry
cloudfoundry
USN-4996-1: OpenEXR vulnerabilities | Cloud Foundry
2021-07-08 00:00:00
USN-4900-1: OpenEXR vulnerabilities | Cloud Foundry
2021-04-29 00:00:00
USN-4676-1: OpenEXR vulnerabilities | Cloud Foundry
2021-02-10 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2248
2023-10-17 12:58:34
Advisory ROSA-SA-2023-2247
2023-10-17 12:52:56
amazon
amazon
Medium: OpenEXR
2023-06-05 16:39:00
gentoo
gentoo
OpenEXR: Multiple Vulnerabilities
2022-10-31 00:00:00
OpenEXR: Multiple vulnerabilities
2021-07-11 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-07-11 10:12:19
Denial Of Service (DoS)
2020-12-14 07:34:16
Denial Of Service (DoS)
2021-07-17 14:11:16
debiancve
debiancve
CVE-2021-26260
2021-06-08 12:15:10
CVE-2021-20302
2022-03-04 18:15:07
CVE-2021-20296
2021-04-01 14:15:13
cve
cve
CVE-2021-26260
2021-06-08 12:15:10
CVE-2020-16587
2020-12-09 21:15:14
CVE-2021-20299
2022-03-16 15:15:10
cvelist
cvelist
CVE-2021-26260
2021-06-08 00:00:00
CVE-2020-16587
2020-12-09 00:00:00
CVE-2021-20299
2022-03-16 00:00:00
nvd
nvd
CVE-2021-26260
2021-06-08 12:15:10
CVE-2020-16588
2020-12-09 21:15:14
CVE-2021-20298
2022-08-23 16:15:09
prion
prion
Integer overflow
2021-06-08 12:15:00
Null pointer dereference
2021-04-01 14:15:00
Design/Logic Flaw
2020-12-09 21:15:00
alpinelinux
alpinelinux
CVE-2021-26260
2021-06-08 12:15:10
CVE-2021-45942
2022-01-01 01:15:09
ubuntucve
ubuntucve
CVE-2021-26260
2021-06-08 00:00:00
CVE-2021-20300
2022-03-04 00:00:00
CVE-2020-16589
2020-12-09 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: openexr-3.1.4-1.fc35
2022-03-18 20:07:24
[SECURITY] Fedora 36 Update: openexr-3.1.4-1.fc36
2022-03-26 15:46:43
[SECURITY] Fedora 34 Update: mingw-openexr-2.5.5-4.fc34
2022-02-06 02:03:01
redhatcve
redhatcve
CVE-2021-20302
2021-07-14 18:22:02
CVE-2021-20299
2021-07-15 12:57:01
CVE-2021-20300
2021-07-14 18:27:06
cnvd
cnvd
Industrial Light and Magic Academy Software Foundation OpenEXR code issue vulnerability
2020-12-15 00:00:00

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.002

Percentile

61.9%

JSON
Related for DEBIAN:DLA-3236-1:7D297
nessus50osv16openvas46debian4mageia4ubuntu5freebsd1suse10cloudfoundry3rosalinux2amazon1gentoo2veracode4debiancve7cve7cvelist4nvd7prion6alpinelinux2ubuntucve6fedora5redhatcve6cnvd1