CVE-2021-3605

Severity: Medium
Remote: Yes
Type: Arbitrary code execution
Description
A heap-buffer overflow was found in the rleUncompress function of OpenEXR before version 2.4.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.
Group     Package  Affected  Fixed    Severity  Status  Ticket
AVG-2107  openexr  2.4.0-7   2.4.1-1  Medium    Fixed
References
http://bugzilla.redhat.com/show_bug.cgi?id=1970991
http://github.com/AcademySoftwareFoundation/openexr/pull/1036
http://github.com/AcademySoftwareFoundation/openexr/commit/25259a84827234a283f6f9db72978198c7a3f268
http://github.com/AcademySoftwareFoundation/openexr/pull/643
http://github.com/AcademySoftwareFoundation/openexr/commit/37750013830def57f19f3c3b7faaa9fc1dae81b3
http://github.com/AcademySoftwareFoundation/openexr/pull/659
http://github.com/AcademySoftwareFoundation/openexr/commit/e79d2296496a50826a15c667bf92bdc5a05518b4