QID 355396
Date Published: 2023-06-14
QID 355396: Amazon Linux Security Advisory for OpenEXR : ALAS2-2023-2078
A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability. (CVE-2021-20298)
A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well. (CVE-2021-20303)
A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. (CVE-2021-20304)
There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability. (CVE-2021-3475)
There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. (CVE-2021-3605)
Note: The preceding description block is extracted directly from the security advisory.
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
- ALAS2-2023-2078 - alas.aws.amazon.com/AL2/ALAS-2023-2078.html
CVEs related to QID 355396
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS2-2023-2078 | amazon linux 2 | | |