An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
Integer Overflow or Wraparound
Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
---|---|---|---|---|---|
debian/openexr | deb | debian | 11 | >=2.5.4-2+deb11u1 | Not yet available |
debian/openexr | deb | debian | 13 | <3.1.5-2 | 3.1.5-2 |
debian/openexr | deb | debian | 12 | <3.1.5-2 | 3.1.5-2 |
debian/openexr | deb | debian | 10 | >=2.2.1-4.1+deb10u1 | Not yet available |
debian/openexr | deb | debian | unstable | <3.1.5-2 | 3.1.5-2 |
Severity and metrics
No CVSS data available from this source.
1.8