Denial Of Service (DoS)

2021-07-1920:20:31

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

openexr security vulnerability dos

EPSS

0.001

Percentile

45.1%

JSON

openexr is vulnerable to denial of service. A NULL pointer dereference in Imf_2_5::Header::operator allows an attacker to crash the application via a malicious multi-part input file.

References

bugs.chromium.org/p/oss-fuzz/issues/detail?id=25740

bugzilla.redhat.com/show_bug.cgi?id=1939154

github.com/AcademySoftwareFoundation/openexr/commit/25e9515b06a6bc293d871622b8cafaee7af84e0f

security-tracker.debian.org/tracker/CVE-2021-20299

Denial Of Service (DoS)

References

Related