NixOS / nixpkgs

Vulnerability roundup 106: openexr-2.5.7: 1 advisory [5.5] #138690

Closed ckauhaus closed 2 months ago

ckauhaus commented 2 years ago

CVE details

CVE-2021-3605

There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.


Scanned versions: nixos-21.05: 6120ac5cd20; nixos-unstable: bc9b956714e.

tomodachi94 commented 2 months ago

CVE-2021-3605 (DSA-5299, GLSA-202210-31) resolved by #153413 and #153636