Vulnerabilities > CVE-2021-23169 - Out-of-bounds Write vulnerability in multiple products

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

openexr

fedoraproject

CWE-787

NVD

Published: 2021-06-08

Updated: 2023-11-07

Summary

A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.

Vulnerable Configurations

Part	Description	Count
Application	Openexr Openexr Openexr - Openexr Openexr 1.0 Openexr Openexr 1.0.1 Openexr Openexr 1.0.2 Openexr Openexr 1.0.3 Openexr Openexr 1.0.4 Openexr Openexr 1.0.5 Openexr Openexr 1.0.6 Openexr Openexr 1.0.7 Openexr Openexr 1.1.0 Openexr Openexr 1.1.1 Openexr Openexr 1.2.1 Openexr Openexr 1.2.2 Openexr Openexr 1.3.0 Openexr Openexr 1.3.1 Openexr Openexr 1.3.2 Openexr Openexr 1.4.0 Openexr Openexr 1.5.0 Openexr Openexr 1.6.0 Openexr Openexr 1.6.1 Openexr Openexr 1.7.0 Openexr Openexr 1.7.1 Openexr Openexr 2.0.0 Openexr Openexr 2.0.1 Openexr Openexr 2.1.0 Openexr Openexr 2.2.0 Openexr Openexr 2.2.1 Openexr Openexr 2.2.2 Openexr Openexr 2.3.0 Openexr Openexr 2.4.0 Openexr Openexr 2.4.1 Openexr Openexr 2.4.2 Openexr Openexr 2.4.3 Openexr Openexr 2.5.0 Openexr Openexr 2.5.1 Openexr Openexr 2.5.2 Openexr Openexr 2.5.3 Openexr Openexr 2.5.4 Openexr Openexr 2.5.5 Openexr Openexr 2.5.6 Openexr Openexr 2.5.7 Openexr Openexr 2.5.8 Openexr Openexr 2.5.9 Openexr Openexr 2.5.10 Openexr Openexr 3.0.0	52
OS	Fedoraproject Fedoraproject Fedora 33 Fedoraproject Fedora 34	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References