Vulnerability Details : CVE-2021-20303
A flaw was found in the function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.
Vulnerability category: Overflow, Memory Corruption
Products affected by CVE-2021-20303
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-20303
- 0.09%: Probability of exploitation activity in the next 30 days
- ~ 40 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-20303
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:P | 8.6 | 4.9 | NIST | |
6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H | 1.8 | 4.2 | NIST | |
CWE ids for CVE-2021-20303
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
  Assigned by:
  - nvd@nist.gov (Secondary)
  - secalert@redhat.com (Primary)
- The product writes data past the end, or before the beginning, of the intended buffer.
  Assigned by: secalert@redhat.com (Primary)
References for CVE-2021-20303
- https://github.com/AcademySoftwareFoundation/openexr/pull/831
  Use Int64 in dataWindowForTile to prevent integer overflow by peterhillman · Pull Request #831 · AcademySoftwareFoundation/openexr · GitHub (Patch; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html
  [SECURITY] [DLA 3236-1] openexr security update (Mailing List; Third Party Advisory)
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505
  25505 - openexr:openexr_scanlines_fuzzer: Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer - oss-fuzz (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1939151
  1939151 – (CVE-2021-20303) CVE-2021-20303 OpenEXR: Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer (Issue Tracking; Vendor Advisory)