Lucene search

UbuntuUSN-5620-1

HistorySep 20, 2022 - 12:00 a.m.

OpenEXR vulnerabilities

2022-09-2000:00:00

ubuntu.com

202

openexr

ubuntu

vulnerabilities

image format

denial of service

arbitrary code

cve-2021-3598

cve-2021-3605

cve-2021-20296

cve-2021-23215

cve-2021-26260

cve-2021-3933

cve-2021-3941

esm

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

48.6%

JSON

Releases

Ubuntu 22.04 LTS
Ubuntu 20.04 LTS

Packages

openexr - tools for the OpenEXR image format

Details

It was discovered that OpenEXR incorrectly handled certain malformed EXR
image files. If a user were tricked into opening a crafted EXR image file,
a remote attacker could cause a denial of service, or possibly execute
arbitrary code. These issues only affected Ubuntu 20.04 ESM. (CVE-2021-3598,
CVE-2021-3605, CVE-2021-20296, CVE-2021-23215, CVE-2021-26260)

It was discovered that OpenEXR incorrectly handled certain EXR
image files. An attacker could possibly use this issue to cause a crash
or execute arbitrary code. (CVE-2021-3933)

It was discovered that OpenEXR incorrectly handled certain EXR image files.
An attacker could possibly use this issue to cause a crash. (CVE-2021-3941)

OSVersionArchitecturePackageVersionFilename
Ubuntu22.04noarchopenexr< 2.5.7-1ubuntu0.1~esm1UNKNOWN
Ubuntu22.04noarchlibopenexr-dev< 2.5.7-1UNKNOWN
Ubuntu22.04noarchlibopenexr25< 2.5.7-1UNKNOWN
Ubuntu22.04noarchlibopenexr25-dbgsym< 2.5.7-1UNKNOWN
Ubuntu22.04noarchopenexr< 2.5.7-1UNKNOWN
Ubuntu22.04noarchopenexr-dbgsym< 2.5.7-1UNKNOWN
Ubuntu22.04noarchopenexr-doc< 2.5.7-1UNKNOWN
Ubuntu22.04noarchlibopenexr25< 2.5.7-1ubuntu0.1~esm1UNKNOWN
Ubuntu20.04noarchopenexr< 2.3.0-6ubuntu0.5+esm1UNKNOWN
Ubuntu20.04noarchlibopenexr-dev< 2.3.0-6ubuntu0.5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	22.04	noarch	openexr	< 2.5.7-1ubuntu0.1~esm1	UNKNOWN
Ubuntu	22.04	noarch	libopenexr-dev	< 2.5.7-1	UNKNOWN
Ubuntu	22.04	noarch	libopenexr25	< 2.5.7-1	UNKNOWN
Ubuntu	22.04	noarch	libopenexr25-dbgsym	< 2.5.7-1	UNKNOWN
Ubuntu	22.04	noarch	openexr	< 2.5.7-1	UNKNOWN
Ubuntu	22.04	noarch	openexr-dbgsym	< 2.5.7-1	UNKNOWN
Ubuntu	22.04	noarch	openexr-doc	< 2.5.7-1	UNKNOWN
Ubuntu	22.04	noarch	libopenexr25	< 2.5.7-1ubuntu0.1~esm1	UNKNOWN
Ubuntu	20.04	noarch	openexr	< 2.3.0-6ubuntu0.5+esm1	UNKNOWN
Ubuntu	20.04	noarch	libopenexr-dev	< 2.3.0-6ubuntu0.5	UNKNOWN