[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#47509: OpenEXR may be vulnerable to CVE-2021-3474, CVE-2021-3476 and
From: |
Léo Le Bouter |
Subject: |
bug#47509: OpenEXR may be vulnerable to CVE-2021-3474, CVE-2021-3476 and CVE-2021-3475 |
Date: |
Fri, 02 Apr 2021 12:04:09 +0200 |
User-agent: |
Evolution 3.34.2 |
Another:
CVE-2021-20296 01.04.21 16:15
A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted
input file supplied by an attacker, that is processed by the Dwa
decompression functionality of OpenEXR's IlmImf library, could cause a
NULL pointer dereference. The highest threat from this vulnerability is
to system availability.
Fix:
https://github.com/AcademySoftwareFoundation/openexr/commit/b0c63c0b96eb9b0d3998f603e12f9f414fb0d44a
signature.asc
Description: This is a digitally signed message part