The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3236 advisory.

  - A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in     chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted     EXR file. (CVE-2020-16587)

  - A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in     makePreview.cpp that can cause a denial of service via a crafted EXR file. (CVE-2020-16588)

  - A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in     ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file. (CVE-2020-16589)

  - A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker,     that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL     pointer dereference. The highest threat from this vulnerability is to system availability.
    (CVE-2021-20296)

  - A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to     be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this     vulnerability is to system availability. (CVE-2021-20298)

  - A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no     actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to     system availability. (CVE-2021-20299)

  - A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows     an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow.
    The highest threat from this vulnerability is to system availability. (CVE-2021-20300)

  - A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a     crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The     highest threat from this vulnerability is to system availability. (CVE-2021-20302)

  - A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit     a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds     write on the heap. The greatest impact of this flaw is to application availability, with some potential     impact to data integrity as well. (CVE-2021-20303)

  - An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in     versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
    (CVE-2021-23215)

  - An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in     versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This     is a different flaw from CVE-2021-23215. (CVE-2021-26260)

  - There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR     could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application     availability. (CVE-2021-3474)

  - There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be     processed by OpenEXR could cause an integer overflow, potentially leading to problems with application     availability. (CVE-2021-3475)

  - A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker     who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting     application availability. (CVE-2021-3476)

  - There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker     who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow,     subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application     availability. (CVE-2021-3477)

  - There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker     able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The     greatest impact of this flaw is to system availability. (CVE-2021-3478)

  - There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is     able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory,     resulting in an impact to system availability. (CVE-2021-3479)

  - There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker     who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds     read. The greatest risk from this flaw is to application availability. (CVE-2021-3598)

  - There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is     able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The     greatest risk from this flaw is to application availability. (CVE-2021-3605)

  - An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits.
    This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with     application stability or lead to other attack paths. (CVE-2021-3933)

  - In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 -     chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the     divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition     which could affect the availability of programs linked with OpenEXR. (CVE-2021-3941)

  - OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called     from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE:
    db217f2 may be inapplicable. (CVE-2021-45942)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian DLA-3236-1 : openexr - LTS security update

medium Nessus Plugin ID 168916

Version 1.1

Version 1.0

Version 1.1 Sep 12, 2023, 2:08 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202309121408
Version 1.0 Dec 19, 2022, 6:55 PM New Plugin Feed: 202212191855