CVE-2021-23169

high

Description

A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.

References

https://lists.fedoraproject.org/archives/list/[email protected]/message/BXFLD4ZAXKAIWO6ZPBCQEEDZB5IG676K/

https://bugzilla.redhat.com/show_bug.cgi?id=1947612

https://lists.fedoraproject.org/archives/list/[email protected]/message/4KYNJSMVA6YJY5NMKDZ5SAISKZG2KCKC/

https://security.gentoo.org/glsa/202210-31

Details

Source: MITRE

Published: 2021-06-08

Updated: 2022-12-07

Type: CWE-787

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH