CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence: High
EPSS
Percentile: 37.8%
software: openexr 2.5.8
OS: ROSA-CHROME
package_evr_string: openexr-2.5.8-1.src.rpm
CVE-ID: CVE-2021-3477
BDU-ID: 2021-01977
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the DeepTiledInputFile::initialize() function (src/lib/OpenEXR/ImfDeepTiledInputFile.cpp) of the OpenEXR library is related to integer overflow during input file processing. Exploitation of the vulnerability could allow an attacker to cause a denial of service or execute arbitrary code by opening specially crafted EXR files.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update openexr
CVE-ID: CVE-2021-3478
BDU-ID: 2021-01976
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the implementation of the Zip (per scanline) file compression method (ImfScanLineInputFile.cpp) of the OpenEXR library is related to uncontrolled resource consumption when processing the _data->linesInBuffer parameter. Exploitation of the vulnerability could allow an attacker to cause a denial of service by opening specially crafted EXR files.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update openexr
CVE-ID: CVE-2021-3479
BDU-ID: 2021-01975
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Scanline API of the OpenEXR library is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker to cause a denial of service by opening specially crafted EXR files.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update openexr
CVE-ID: CVE-2021-3598
BDU-ID: 2021-04485
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the ImfDeepScanLineInputFile() function of the OpenEXR library is caused by a buffer overflow. Exploitation of the vulnerability could allow an attacker to cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update openexr
CVE-ID: CVE-2021-3605
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: There is a flaw in OpenEXR's rleUncompress function in versions prior to 3.0.5. An attacker who can send a crafted file to an OpenEXR-related application can cause a read outside the valid range. The greatest risk associated with this vulnerability is to application availability.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update openexr
CVE-ID: CVE-2021-3933
BDU-ID: 2023-01667
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the OpenEXR wide dynamic range luminance image storage software is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted file.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update openexr