CVE-2021-23215

Published: 6/8/2021 Last updated: 8/3/2024 Reserved: 4/22/2021

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (1)

conf-openimageio

Products affected (1)

Product	Vendor	Version
OpenEXR	n/a	version 1803 (Core Installation)

References (10)

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BXFLD4ZAXKAIWO6ZPBCQEEDZB5IG676K/
https://bugzilla.redhat.com/show_bug.cgi?id=1947586
https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html
https://www.debian.org/security/2022/dsa-5299
https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BXFLD4ZAXKAIWO6ZPBCQEEDZB5IG676K/
https://bugzilla.redhat.com/show_bug.cgi?id=1947586
https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html
https://www.debian.org/security/2022/dsa-5299
https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html