NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License

Vulnerability roundup 104: openexr-2.5.3: 1 advisory [5.5] #132145

Closed ckauhaus closed 2 years ago

ckauhaus commented 3 years ago

CVE details

CVE-2021-3598

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.


Scanned versions: nixos-unstable: 1905f5f2e55.

FliegendeWurst commented 2 years ago

Fixed in #129462 and #129505