Alpine: multiple openexr packages: security update to 2.5.4-r0

medium Tenable Self-Hosted Container Security Plugin ID 405914

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker
who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting
application availability. (CVE-2021-3476)

- There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR
could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application
availability. (CVE-2021-3474)

- There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be
processed by OpenEXR could cause an integer overflow, potentially leading to problems with application
availability. (CVE-2021-3475)

- There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker
who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow,
subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application
availability. (CVE-2021-3477)

See Also

https://security.alpinelinux.org/vuln/CVE-2021-20296

https://security.alpinelinux.org/vuln/CVE-2021-3474

https://security.alpinelinux.org/vuln/CVE-2021-3475

https://security.alpinelinux.org/vuln/CVE-2021-3476

https://security.alpinelinux.org/vuln/CVE-2021-3477

https://security.alpinelinux.org/vuln/CVE-2021-3478

https://security.alpinelinux.org/vuln/CVE-2021-3479

Plugin Details

Severity: Medium

ID: 405914

Version: Revision 1.27

Type: Local

Published: 10/31/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2021-3476

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2021-3479

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 3/30/2021

Reference Information

CVE: CVE-2021-20296, CVE-2021-3474, CVE-2021-3475, CVE-2021-3476, CVE-2021-3477, CVE-2021-3478, CVE-2021-3479