CVE-2021-20298

2022-08-2316:15:09

Debian Security Bug Tracker

security-tracker.debian.org

openexr

b44compressor

memory exhaustion

vulnerability

system availability

unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

61.9%

JSON

A flaw was found in OpenEXR’s B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.

OSVersionArchitecturePackageVersionFilename
Debian12allopenexr< 2.5.4-1openexr_2.5.4-1_all.deb
Debian11allopenexr< 2.5.4-1openexr_2.5.4-1_all.deb
Debian999allopenexr< 2.5.4-1openexr_2.5.4-1_all.deb
Debian13allopenexr< 2.5.4-1openexr_2.5.4-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	openexr	< 2.5.4-1	openexr_2.5.4-1_all.deb
Debian	11	all	openexr	< 2.5.4-1	openexr_2.5.4-1_all.deb
Debian	999	all	openexr	< 2.5.4-1	openexr_2.5.4-1_all.deb
Debian	13	all	openexr	< 2.5.4-1	openexr_2.5.4-1_all.deb