bug#47509: OpenEXR may be vulnerable to CVE-2021-3474, CVE-2021-3476 and

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#47509: OpenEXR may be vulnerable to CVE-2021-3474, CVE-2021-3476 and

From:	Léo Le Bouter
Subject:	bug#47509: OpenEXR may be vulnerable to CVE-2021-3474, CVE-2021-3476 and CVE-2021-3475
Date:	Fri, 02 Apr 2021 12:04:09 +0200
User-agent:	Evolution 3.34.2

Another:

CVE-2021-20296  01.04.21 16:15
A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted
input file supplied by an attacker, that is processed by the Dwa
decompression functionality of OpenEXR's IlmImf library, could cause a
NULL pointer dereference. The highest threat from this vulnerability is
to system availability.

Fix: 
https://github.com/AcademySoftwareFoundation/openexr/commit/b0c63c0b96eb9b0d3998f603e12f9f414fb0d44a

signature.asc
Description: This is a digitally signed message part

[Prev in Thread]

Current Thread

[Next in Thread]

bug#47509: OpenEXR may be vulnerable to CVE-2021-3474, CVE-2021-3476 and CVE-2021-3475, Léo Le Bouter, 2021/04/01
- bug#47509: OpenEXR may be vulnerable to CVE-2021-3474, CVE-2021-3476 and CVE-2021-3475, Léo Le Bouter <=

Prev by Date: bug#44593: (guix git) doesn’t honor HTTP/HTTPS proxy settings for submodules
Next by Date: bug#47562: java-eclipse-jetty-* packages are vulnerable to CVE-2021-28165, CVE-2021-28164 and CVE-2021-28163 (also probably MANY others, 4y w/o upgrade)
Previous by thread: bug#47509: OpenEXR may be vulnerable to CVE-2021-3474, CVE-2021-3476 and CVE-2021-3475
Next by thread: bug#47542: rust-stackvector package is vulnerable to CVE-2021-29939
Index(es):
- Date
- Thread