Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-3474 (GCVE-0-2021-3474)
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:53:17.593Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939142" }, { "tags": [ "x_transferred" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831" }, { "name": "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html" }, { "name": "GLSA-202107-27", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202107-27" }, { "name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenEXR", "vendor": "n/a", "versions": [ { "status": "affected", "version": "OpenEXR 3.0.0-beta" } ] } ], "descriptions": [ { "lang": "en", "value": "There\u0027s a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-12T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939142" }, { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831" }, { "name": "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html" }, { "name": "GLSA-202107-27", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202107-27" }, { "name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3474", "datePublished": "2021-03-30T00:00:00", "dateReserved": "2021-03-29T00:00:00", "dateUpdated": "2024-08-03T16:53:17.593Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-3474\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2021-03-30T18:15:17.933\",\"lastModified\":\"2024-11-21T06:21:37.787\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"There\u0027s a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.\"},{\"lang\":\"es\",\"value\":\"Se presenta un fallo en OpenEXR en versiones anteriores a 3.0.0-beta.\u0026#xa0;Un archivo de entrada dise\u00f1ado que es procesado por OpenEXR podr\u00eda causar un desbordamiento de cambios en FastHufDecoder, lo que podr\u00eda generar problemas con la disponibilidad de la aplicaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.4.3\",\"matchCriteriaId\":\"12541242-6F4A-457C-B0D3-B97C75F79627\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.5.0\",\"versionEndExcluding\":\"2.5.4\",\"matchCriteriaId\":\"3540D6CF-36A9-4FE9-9D0D-C3263DE61E62\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1939142\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202107-27\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1939142\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202107-27\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
fkie_cve-2021-3474
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
openexr | openexr | * | |
openexr | openexr | * | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*", "matchCriteriaId": "12541242-6F4A-457C-B0D3-B97C75F79627", "versionEndExcluding": "2.4.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*", "matchCriteriaId": "3540D6CF-36A9-4FE9-9D0D-C3263DE61E62", "versionEndExcluding": "2.5.4", "versionStartIncluding": "2.5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There\u0027s a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability." }, { "lang": "es", "value": "Se presenta un fallo en OpenEXR en versiones anteriores a 3.0.0-beta.\u0026#xa0;Un archivo de entrada dise\u00f1ado que es procesado por OpenEXR podr\u00eda causar un desbordamiento de cambios en FastHufDecoder, lo que podr\u00eda generar problemas con la disponibilidad de la aplicaci\u00f3n." } ], "id": "CVE-2021-3474", "lastModified": "2024-11-21T06:21:37.787", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-03-30T18:15:17.933", "references": [ { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939142" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202107-27" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939142" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202107-27" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "secalert@redhat.com", "type": "Primary" } ] }
cnvd-2021-25724
Vulnerability from cnvd
Title: LIM OpenEXR移位溢出漏洞
Description:
OpenEXR是一种开放标准的高动态范围图像格式,在计算机图形学里被广泛用于存储图像数据,但也可以存储一些后期合成处理所需的数据。
LIM OpenEXR 3.0.0-beta之前版本中的FastHufDecoder存在移位溢出漏洞,攻击者可通过特制输入文件利用该漏洞导致拒绝服务。
Severity: 中
Patch Name: LIM OpenEXR移位溢出漏洞的补丁
Patch Description:
OpenEXR是一种开放标准的高动态范围图像格式,在计算机图形学里被广泛用于存储图像数据,但也可以存储一些后期合成处理所需的数据。
LIM OpenEXR 3.0.0-beta之前版本中的FastHufDecoder存在移位溢出漏洞,攻击者可通过特制输入文件利用该漏洞导致拒绝服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
厂商已发布了漏洞修复程序,请及时关注更新:https://github.com/AcademySoftwareFoundation/openexr/commit/c3ed4a1db1f39bf4524a644cb2af81dc8cfab33f
Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-3474
Name | Industrial Light and Magic OpenEXR <3.0.0-beta |
---|
{ "cves": { "cve": { "cveNumber": "CVE-2021-3474", "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-3474" } }, "description": "OpenEXR\u662f\u4e00\u79cd\u5f00\u653e\u6807\u51c6\u7684\u9ad8\u52a8\u6001\u8303\u56f4\u56fe\u50cf\u683c\u5f0f\uff0c\u5728\u8ba1\u7b97\u673a\u56fe\u5f62\u5b66\u91cc\u88ab\u5e7f\u6cdb\u7528\u4e8e\u5b58\u50a8\u56fe\u50cf\u6570\u636e\uff0c\u4f46\u4e5f\u53ef\u4ee5\u5b58\u50a8\u4e00\u4e9b\u540e\u671f\u5408\u6210\u5904\u7406\u6240\u9700\u7684\u6570\u636e\u3002\n\nLIM OpenEXR 3.0.0-beta\u4e4b\u524d\u7248\u672c\u4e2d\u7684FastHufDecoder\u5b58\u5728\u79fb\u4f4d\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7279\u5236\u8f93\u5165\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002", "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1ahttps://github.com/AcademySoftwareFoundation/openexr/commit/c3ed4a1db1f39bf4524a644cb2af81dc8cfab33f", "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e", "number": "CNVD-2021-25724", "openTime": "2021-03-30", "patchDescription": "OpenEXR\u662f\u4e00\u79cd\u5f00\u653e\u6807\u51c6\u7684\u9ad8\u52a8\u6001\u8303\u56f4\u56fe\u50cf\u683c\u5f0f\uff0c\u5728\u8ba1\u7b97\u673a\u56fe\u5f62\u5b66\u91cc\u88ab\u5e7f\u6cdb\u7528\u4e8e\u5b58\u50a8\u56fe\u50cf\u6570\u636e\uff0c\u4f46\u4e5f\u53ef\u4ee5\u5b58\u50a8\u4e00\u4e9b\u540e\u671f\u5408\u6210\u5904\u7406\u6240\u9700\u7684\u6570\u636e\u3002\r\n\r\nLIM OpenEXR 3.0.0-beta\u4e4b\u524d\u7248\u672c\u4e2d\u7684FastHufDecoder\u5b58\u5728\u79fb\u4f4d\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7279\u5236\u8f93\u5165\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002", "patchName": "LIM OpenEXR\u79fb\u4f4d\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01", "products": { "product": "Industrial Light and Magic OpenEXR \u003c3.0.0-beta" }, "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-3474", "serverity": "\u4e2d", "submitTime": "2021-03-31", "title": "LIM OpenEXR\u79fb\u4f4d\u6ea2\u51fa\u6f0f\u6d1e" }
gsd-2021-3474
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2021-3474", "description": "There\u0027s a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.", "id": "GSD-2021-3474", "references": [ "https://www.suse.com/security/cve/CVE-2021-3474.html", "https://ubuntu.com/security/CVE-2021-3474", "https://advisories.mageia.org/CVE-2021-3474.html", "https://security.archlinux.org/CVE-2021-3474" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2021-3474" ], "details": "There\u0027s a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.", "id": "GSD-2021-3474", "modified": "2023-12-13T01:23:35.130874Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-3474", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "OpenEXR", "version": { "version_data": [ { "version_value": "OpenEXR 3.0.0-beta" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "There\u0027s a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-190" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1939142", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939142" }, { "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831" }, { "name": "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html" }, { "name": "GLSA-202107-27", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202107-27" }, { "name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "\u003c2.4.3||\u003e=2.5.0 \u003c2.5.4", "affected_versions": "All versions before 2.4.3, all versions starting from 2.5.0 before 2.5.4", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "cwe_ids": [ "CWE-1035", "CWE-190", "CWE-937" ], "date": "2023-02-03", "description": "A crafted input file that is processed by OpenEXR could cause a shift overflow in the `FastHufDecoder`, potentially leading to problems with application availability.", "fixed_versions": [ "2.5.4" ], "identifier": "CVE-2021-3474", "identifiers": [ "CVE-2021-3474" ], "not_impacted": "All versions starting from 2.4.3 before 2.5.0, all versions starting from 2.5.4", "package_slug": "conan/openexr", "pubdate": "2021-03-30", "solution": "Upgrade to version 2.5.4 or above.", "title": "Integer Overflow or Wraparound", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-3474", "https://bugzilla.redhat.com/show_bug.cgi?id=1939142", "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831" ], "uuid": "d4bb6269-dfc4-46ea-9de9-7e7ebaa9f4c5" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.4.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.5.4", "versionStartIncluding": "2.5.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-3474" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "There\u0027s a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-190" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1939142", "refsource": "MISC", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939142" }, { "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831", "refsource": "MISC", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831" }, { "name": "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html" }, { "name": "GLSA-202107-27", "refsource": "GENTOO", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202107-27" }, { "name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4 } }, "lastModifiedDate": "2023-02-03T23:52Z", "publishedDate": "2021-03-30T18:15Z" } } }
suse-su-2021:1097-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for openexr", "title": "Title of the patch" }, { "category": "description", "text": "This update for openexr fixes the following issues:\n\n- CVE-2021-3474: Undefined-shift in Imf_2_5::FastHufDecoder::FastHufDecoder (bsc#1184174)\n- CVE-2021-3475: Integer-overflow in Imf_2_5::calculateNumTiles (bsc#1184173)\n- CVE-2021-3476: Undefined-shift in Imf_2_5::unpack14 (bsc#1184172)\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2021-1097,SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1097", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_1097-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2021:1097-1", "url": "https://www.suse.com/support/update/announcement/2021/suse-su-20211097-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2021:1097-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008595.html" }, { "category": "self", "summary": "SUSE Bug 1184172", "url": "https://bugzilla.suse.com/1184172" }, { "category": "self", "summary": "SUSE Bug 1184173", "url": "https://bugzilla.suse.com/1184173" }, { "category": "self", "summary": "SUSE Bug 1184174", "url": "https://bugzilla.suse.com/1184174" }, { "category": "self", "summary": "SUSE CVE CVE-2021-3474 page", "url": "https://www.suse.com/security/cve/CVE-2021-3474/" }, { "category": "self", "summary": "SUSE CVE CVE-2021-3475 page", "url": "https://www.suse.com/security/cve/CVE-2021-3475/" }, { "category": "self", "summary": "SUSE CVE CVE-2021-3476 page", "url": "https://www.suse.com/security/cve/CVE-2021-3476/" } ], "title": "Security update for openexr", "tracking": { "current_release_date": "2021-04-07T16:06:58Z", "generator": { "date": "2021-04-07T16:06:58Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2021:1097-1", "initial_release_date": "2021-04-07T16:06:58Z", "revision_history": [ { "date": "2021-04-07T16:06:58Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "libIlmImf-2_2-23-2.2.1-3.24.1.aarch64", "product": { "name": "libIlmImf-2_2-23-2.2.1-3.24.1.aarch64", "product_id": "libIlmImf-2_2-23-2.2.1-3.24.1.aarch64" } }, { "category": "product_version", "name": "libIlmImfUtil-2_2-23-2.2.1-3.24.1.aarch64", "product": { "name": "libIlmImfUtil-2_2-23-2.2.1-3.24.1.aarch64", "product_id": "libIlmImfUtil-2_2-23-2.2.1-3.24.1.aarch64" } }, { "category": "product_version", "name": "openexr-2.2.1-3.24.1.aarch64", "product": { "name": "openexr-2.2.1-3.24.1.aarch64", "product_id": "openexr-2.2.1-3.24.1.aarch64" } }, { "category": "product_version", "name": "openexr-devel-2.2.1-3.24.1.aarch64", "product": { "name": "openexr-devel-2.2.1-3.24.1.aarch64", "product_id": "openexr-devel-2.2.1-3.24.1.aarch64" } }, { "category": "product_version", "name": "openexr-doc-2.2.1-3.24.1.aarch64", "product": { "name": "openexr-doc-2.2.1-3.24.1.aarch64", "product_id": "openexr-doc-2.2.1-3.24.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libIlmImf-2_2-23-64bit-2.2.1-3.24.1.aarch64_ilp32", "product": { "name": "libIlmImf-2_2-23-64bit-2.2.1-3.24.1.aarch64_ilp32", "product_id": "libIlmImf-2_2-23-64bit-2.2.1-3.24.1.aarch64_ilp32" } }, { "category": "product_version", "name": "libIlmImfUtil-2_2-23-64bit-2.2.1-3.24.1.aarch64_ilp32", "product": { "name": "libIlmImfUtil-2_2-23-64bit-2.2.1-3.24.1.aarch64_ilp32", "product_id": "libIlmImfUtil-2_2-23-64bit-2.2.1-3.24.1.aarch64_ilp32" } } ], "category": "architecture", "name": "aarch64_ilp32" }, { "branches": [ { "category": "product_version", "name": "libIlmImf-2_2-23-2.2.1-3.24.1.i586", "product": { "name": "libIlmImf-2_2-23-2.2.1-3.24.1.i586", "product_id": "libIlmImf-2_2-23-2.2.1-3.24.1.i586" } }, { "category": "product_version", "name": "libIlmImfUtil-2_2-23-2.2.1-3.24.1.i586", "product": { "name": "libIlmImfUtil-2_2-23-2.2.1-3.24.1.i586", "product_id": "libIlmImfUtil-2_2-23-2.2.1-3.24.1.i586" } }, { "category": "product_version", "name": "openexr-2.2.1-3.24.1.i586", "product": { "name": "openexr-2.2.1-3.24.1.i586", "product_id": "openexr-2.2.1-3.24.1.i586" } }, { "category": "product_version", "name": "openexr-devel-2.2.1-3.24.1.i586", "product": { "name": "openexr-devel-2.2.1-3.24.1.i586", "product_id": "openexr-devel-2.2.1-3.24.1.i586" } }, { "category": "product_version", "name": "openexr-doc-2.2.1-3.24.1.i586", "product": { "name": "openexr-doc-2.2.1-3.24.1.i586", "product_id": "openexr-doc-2.2.1-3.24.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "libIlmImf-2_2-23-2.2.1-3.24.1.ppc64le", "product": { "name": "libIlmImf-2_2-23-2.2.1-3.24.1.ppc64le", "product_id": "libIlmImf-2_2-23-2.2.1-3.24.1.ppc64le" } }, { "category": "product_version", "name": "libIlmImfUtil-2_2-23-2.2.1-3.24.1.ppc64le", "product": { "name": "libIlmImfUtil-2_2-23-2.2.1-3.24.1.ppc64le", "product_id": "libIlmImfUtil-2_2-23-2.2.1-3.24.1.ppc64le" } }, { "category": "product_version", "name": "openexr-2.2.1-3.24.1.ppc64le", "product": { "name": "openexr-2.2.1-3.24.1.ppc64le", "product_id": "openexr-2.2.1-3.24.1.ppc64le" } }, { "category": "product_version", "name": "openexr-devel-2.2.1-3.24.1.ppc64le", "product": { "name": "openexr-devel-2.2.1-3.24.1.ppc64le", "product_id": "openexr-devel-2.2.1-3.24.1.ppc64le" } }, { "category": "product_version", "name": "openexr-doc-2.2.1-3.24.1.ppc64le", "product": { "name": "openexr-doc-2.2.1-3.24.1.ppc64le", "product_id": "openexr-doc-2.2.1-3.24.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libIlmImf-2_2-23-2.2.1-3.24.1.s390x", "product": { "name": "libIlmImf-2_2-23-2.2.1-3.24.1.s390x", "product_id": "libIlmImf-2_2-23-2.2.1-3.24.1.s390x" } }, { "category": "product_version", "name": "libIlmImfUtil-2_2-23-2.2.1-3.24.1.s390x", "product": { "name": "libIlmImfUtil-2_2-23-2.2.1-3.24.1.s390x", "product_id": "libIlmImfUtil-2_2-23-2.2.1-3.24.1.s390x" } }, { "category": "product_version", "name": "openexr-2.2.1-3.24.1.s390x", "product": { "name": "openexr-2.2.1-3.24.1.s390x", "product_id": "openexr-2.2.1-3.24.1.s390x" } }, { "category": "product_version", "name": "openexr-devel-2.2.1-3.24.1.s390x", "product": { "name": "openexr-devel-2.2.1-3.24.1.s390x", "product_id": "openexr-devel-2.2.1-3.24.1.s390x" } }, { "category": "product_version", "name": "openexr-doc-2.2.1-3.24.1.s390x", "product": { "name": "openexr-doc-2.2.1-3.24.1.s390x", "product_id": "openexr-doc-2.2.1-3.24.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libIlmImf-2_2-23-2.2.1-3.24.1.x86_64", "product": { "name": "libIlmImf-2_2-23-2.2.1-3.24.1.x86_64", "product_id": "libIlmImf-2_2-23-2.2.1-3.24.1.x86_64" } }, { "category": "product_version", "name": "libIlmImf-2_2-23-32bit-2.2.1-3.24.1.x86_64", "product": { "name": "libIlmImf-2_2-23-32bit-2.2.1-3.24.1.x86_64", "product_id": "libIlmImf-2_2-23-32bit-2.2.1-3.24.1.x86_64" } }, { "category": "product_version", "name": "libIlmImfUtil-2_2-23-2.2.1-3.24.1.x86_64", "product": { "name": "libIlmImfUtil-2_2-23-2.2.1-3.24.1.x86_64", "product_id": "libIlmImfUtil-2_2-23-2.2.1-3.24.1.x86_64" } }, { "category": "product_version", "name": "libIlmImfUtil-2_2-23-32bit-2.2.1-3.24.1.x86_64", "product": { "name": "libIlmImfUtil-2_2-23-32bit-2.2.1-3.24.1.x86_64", "product_id": "libIlmImfUtil-2_2-23-32bit-2.2.1-3.24.1.x86_64" } }, { "category": "product_version", "name": "openexr-2.2.1-3.24.1.x86_64", "product": { "name": "openexr-2.2.1-3.24.1.x86_64", "product_id": "openexr-2.2.1-3.24.1.x86_64" } }, { "category": "product_version", "name": "openexr-devel-2.2.1-3.24.1.x86_64", "product": { "name": "openexr-devel-2.2.1-3.24.1.x86_64", "product_id": "openexr-devel-2.2.1-3.24.1.x86_64" } }, { "category": "product_version", "name": "openexr-doc-2.2.1-3.24.1.x86_64", "product": { "name": "openexr-doc-2.2.1-3.24.1.x86_64", "product_id": "openexr-doc-2.2.1-3.24.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2", "product": { "name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp2" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libIlmImf-2_2-23-2.2.1-3.24.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.aarch64" }, "product_reference": "libIlmImf-2_2-23-2.2.1-3.24.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "libIlmImf-2_2-23-2.2.1-3.24.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.ppc64le" }, "product_reference": "libIlmImf-2_2-23-2.2.1-3.24.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "libIlmImf-2_2-23-2.2.1-3.24.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.s390x" }, "product_reference": "libIlmImf-2_2-23-2.2.1-3.24.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "libIlmImf-2_2-23-2.2.1-3.24.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.x86_64" }, "product_reference": "libIlmImf-2_2-23-2.2.1-3.24.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "libIlmImfUtil-2_2-23-2.2.1-3.24.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.aarch64" }, "product_reference": "libIlmImfUtil-2_2-23-2.2.1-3.24.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "libIlmImfUtil-2_2-23-2.2.1-3.24.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.ppc64le" }, "product_reference": "libIlmImfUtil-2_2-23-2.2.1-3.24.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "libIlmImfUtil-2_2-23-2.2.1-3.24.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.s390x" }, "product_reference": "libIlmImfUtil-2_2-23-2.2.1-3.24.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "libIlmImfUtil-2_2-23-2.2.1-3.24.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.x86_64" }, "product_reference": "libIlmImfUtil-2_2-23-2.2.1-3.24.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "openexr-devel-2.2.1-3.24.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.aarch64" }, "product_reference": "openexr-devel-2.2.1-3.24.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "openexr-devel-2.2.1-3.24.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.ppc64le" }, "product_reference": "openexr-devel-2.2.1-3.24.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "openexr-devel-2.2.1-3.24.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.s390x" }, "product_reference": "openexr-devel-2.2.1-3.24.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "openexr-devel-2.2.1-3.24.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.x86_64" }, "product_reference": "openexr-devel-2.2.1-3.24.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-3474", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-3474" } ], "notes": [ { "category": "general", "text": "There\u0027s a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2021-3474", "url": "https://www.suse.com/security/cve/CVE-2021-3474" }, { "category": "external", "summary": "SUSE Bug 1184174 for CVE-2021-3474", "url": "https://bugzilla.suse.com/1184174" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-04-07T16:06:58Z", "details": "moderate" } ], "title": "CVE-2021-3474" }, { "cve": "CVE-2021-3475", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-3475" } ], "notes": [ { "category": "general", "text": "There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2021-3475", "url": "https://www.suse.com/security/cve/CVE-2021-3475" }, { "category": "external", "summary": "SUSE Bug 1184173 for CVE-2021-3475", "url": "https://bugzilla.suse.com/1184173" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-04-07T16:06:58Z", "details": "moderate" } ], "title": "CVE-2021-3475" }, { "cve": "CVE-2021-3476", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-3476" } ], "notes": [ { "category": "general", "text": "A flaw was found in OpenEXR\u0027s B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2021-3476", "url": "https://www.suse.com/security/cve/CVE-2021-3476" }, { "category": "external", "summary": "SUSE Bug 1184172 for CVE-2021-3476", "url": "https://bugzilla.suse.com/1184172" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.24.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.24.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.24.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-04-07T16:06:58Z", "details": "moderate" } ], "title": "CVE-2021-3476" } ] }
opensuse-su-2021:0536-1
Vulnerability from csaf_opensuse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for openexr", "title": "Title of the patch" }, { "category": "description", "text": "This update for openexr fixes the following issues:\n\n- CVE-2021-3474: Undefined-shift in Imf_2_5::FastHufDecoder::FastHufDecoder (bsc#1184174)\n- CVE-2021-3475: Integer-overflow in Imf_2_5::calculateNumTiles (bsc#1184173)\n- CVE-2021-3476: Undefined-shift in Imf_2_5::unpack14 (bsc#1184172)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-2021-536", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0536-1.json" }, { "category": "self", "summary": "URL for openSUSE-SU-2021:0536-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3OEPCGI23GJK5SW2WMNMPUTRJTU2STGG/" }, { "category": "self", "summary": "E-Mail link for openSUSE-SU-2021:0536-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3OEPCGI23GJK5SW2WMNMPUTRJTU2STGG/" }, { "category": "self", "summary": "SUSE Bug 1184172", "url": "https://bugzilla.suse.com/1184172" }, { "category": "self", "summary": "SUSE Bug 1184173", "url": "https://bugzilla.suse.com/1184173" }, { "category": "self", "summary": "SUSE Bug 1184174", "url": "https://bugzilla.suse.com/1184174" }, { "category": "self", "summary": "SUSE CVE CVE-2021-3474 page", "url": "https://www.suse.com/security/cve/CVE-2021-3474/" }, { "category": "self", "summary": "SUSE CVE CVE-2021-3475 page", "url": "https://www.suse.com/security/cve/CVE-2021-3475/" }, { "category": "self", "summary": "SUSE CVE CVE-2021-3476 page", "url": "https://www.suse.com/security/cve/CVE-2021-3476/" } ], "title": "Security update for openexr", "tracking": { "current_release_date": "2021-04-10T22:05:18Z", "generator": { "date": "2021-04-10T22:05:18Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2021:0536-1", "initial_release_date": "2021-04-10T22:05:18Z", "revision_history": [ { "date": "2021-04-10T22:05:18Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "libIlmImf-2_2-23-2.2.1-lp152.7.11.1.i586", "product": { "name": "libIlmImf-2_2-23-2.2.1-lp152.7.11.1.i586", "product_id": "libIlmImf-2_2-23-2.2.1-lp152.7.11.1.i586" } }, { "category": "product_version", "name": "libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.i586", "product": { "name": "libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.i586", "product_id": "libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.i586" } }, { "category": "product_version", "name": "openexr-2.2.1-lp152.7.11.1.i586", "product": { "name": "openexr-2.2.1-lp152.7.11.1.i586", "product_id": "openexr-2.2.1-lp152.7.11.1.i586" } }, { "category": "product_version", "name": "openexr-devel-2.2.1-lp152.7.11.1.i586", "product": { "name": "openexr-devel-2.2.1-lp152.7.11.1.i586", "product_id": "openexr-devel-2.2.1-lp152.7.11.1.i586" } }, { "category": "product_version", "name": "openexr-doc-2.2.1-lp152.7.11.1.i586", "product": { "name": "openexr-doc-2.2.1-lp152.7.11.1.i586", "product_id": "openexr-doc-2.2.1-lp152.7.11.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "libIlmImf-2_2-23-2.2.1-lp152.7.11.1.x86_64", "product": { "name": "libIlmImf-2_2-23-2.2.1-lp152.7.11.1.x86_64", "product_id": "libIlmImf-2_2-23-2.2.1-lp152.7.11.1.x86_64" } }, { "category": "product_version", "name": "libIlmImf-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64", "product": { "name": "libIlmImf-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64", "product_id": "libIlmImf-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64" } }, { "category": "product_version", "name": "libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.x86_64", "product": { "name": "libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.x86_64", "product_id": "libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.x86_64" } }, { "category": "product_version", "name": "libIlmImfUtil-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64", "product": { "name": "libIlmImfUtil-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64", "product_id": "libIlmImfUtil-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64" } }, { "category": "product_version", "name": "openexr-2.2.1-lp152.7.11.1.x86_64", "product": { "name": "openexr-2.2.1-lp152.7.11.1.x86_64", "product_id": "openexr-2.2.1-lp152.7.11.1.x86_64" } }, { "category": "product_version", "name": "openexr-devel-2.2.1-lp152.7.11.1.x86_64", "product": { "name": "openexr-devel-2.2.1-lp152.7.11.1.x86_64", "product_id": "openexr-devel-2.2.1-lp152.7.11.1.x86_64" } }, { "category": "product_version", "name": "openexr-doc-2.2.1-lp152.7.11.1.x86_64", "product": { "name": "openexr-doc-2.2.1-lp152.7.11.1.x86_64", "product_id": "openexr-doc-2.2.1-lp152.7.11.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Leap 15.2", "product": { "name": "openSUSE Leap 15.2", "product_id": "openSUSE Leap 15.2", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.2" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libIlmImf-2_2-23-2.2.1-lp152.7.11.1.i586 as component of openSUSE Leap 15.2", "product_id": "openSUSE Leap 15.2:libIlmImf-2_2-23-2.2.1-lp152.7.11.1.i586" }, "product_reference": "libIlmImf-2_2-23-2.2.1-lp152.7.11.1.i586", "relates_to_product_reference": "openSUSE Leap 15.2" }, { "category": "default_component_of", "full_product_name": { "name": "libIlmImf-2_2-23-2.2.1-lp152.7.11.1.x86_64 as component of openSUSE Leap 15.2", "product_id": "openSUSE Leap 15.2:libIlmImf-2_2-23-2.2.1-lp152.7.11.1.x86_64" }, "product_reference": "libIlmImf-2_2-23-2.2.1-lp152.7.11.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.2" }, { "category": "default_component_of", "full_product_name": { "name": "libIlmImf-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64 as component of openSUSE Leap 15.2", "product_id": "openSUSE Leap 15.2:libIlmImf-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64" }, "product_reference": "libIlmImf-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.2" }, { "category": "default_component_of", "full_product_name": { "name": "libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.i586 as component of openSUSE Leap 15.2", "product_id": "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.i586" }, "product_reference": "libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.i586", "relates_to_product_reference": "openSUSE Leap 15.2" }, { "category": "default_component_of", "full_product_name": { "name": "libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.x86_64 as component of openSUSE Leap 15.2", "product_id": "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.x86_64" }, "product_reference": "libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.2" }, { "category": "default_component_of", "full_product_name": { "name": "libIlmImfUtil-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64 as component of openSUSE Leap 15.2", "product_id": "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64" }, "product_reference": "libIlmImfUtil-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.2" }, { "category": "default_component_of", "full_product_name": { "name": "openexr-2.2.1-lp152.7.11.1.i586 as component of openSUSE Leap 15.2", "product_id": "openSUSE Leap 15.2:openexr-2.2.1-lp152.7.11.1.i586" }, "product_reference": "openexr-2.2.1-lp152.7.11.1.i586", "relates_to_product_reference": "openSUSE Leap 15.2" }, { "category": "default_component_of", "full_product_name": { "name": "openexr-2.2.1-lp152.7.11.1.x86_64 as component of openSUSE Leap 15.2", "product_id": "openSUSE Leap 15.2:openexr-2.2.1-lp152.7.11.1.x86_64" }, "product_reference": "openexr-2.2.1-lp152.7.11.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.2" }, { "category": "default_component_of", "full_product_name": { "name": "openexr-devel-2.2.1-lp152.7.11.1.i586 as component of openSUSE Leap 15.2", "product_id": "openSUSE Leap 15.2:openexr-devel-2.2.1-lp152.7.11.1.i586" }, "product_reference": "openexr-devel-2.2.1-lp152.7.11.1.i586", "relates_to_product_reference": "openSUSE Leap 15.2" }, { "category": "default_component_of", "full_product_name": { "name": "openexr-devel-2.2.1-lp152.7.11.1.x86_64 as component of openSUSE Leap 15.2", "product_id": "openSUSE Leap 15.2:openexr-devel-2.2.1-lp152.7.11.1.x86_64" }, "product_reference": "openexr-devel-2.2.1-lp152.7.11.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.2" }, { "category": "default_component_of", "full_product_name": { "name": "openexr-doc-2.2.1-lp152.7.11.1.i586 as component of openSUSE Leap 15.2", "product_id": "openSUSE Leap 15.2:openexr-doc-2.2.1-lp152.7.11.1.i586" }, "product_reference": "openexr-doc-2.2.1-lp152.7.11.1.i586", "relates_to_product_reference": "openSUSE Leap 15.2" }, { "category": "default_component_of", "full_product_name": { "name": "openexr-doc-2.2.1-lp152.7.11.1.x86_64 as component of openSUSE Leap 15.2", "product_id": "openSUSE Leap 15.2:openexr-doc-2.2.1-lp152.7.11.1.x86_64" }, "product_reference": "openexr-doc-2.2.1-lp152.7.11.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-3474", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-3474" } ], "notes": [ { "category": "general", "text": "There\u0027s a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.2:libIlmImf-2_2-23-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:libIlmImf-2_2-23-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImf-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-devel-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-devel-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-doc-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-doc-2.2.1-lp152.7.11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2021-3474", "url": "https://www.suse.com/security/cve/CVE-2021-3474" }, { "category": "external", "summary": "SUSE Bug 1184174 for CVE-2021-3474", "url": "https://bugzilla.suse.com/1184174" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.2:libIlmImf-2_2-23-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:libIlmImf-2_2-23-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImf-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-devel-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-devel-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-doc-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-doc-2.2.1-lp152.7.11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "openSUSE Leap 15.2:libIlmImf-2_2-23-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:libIlmImf-2_2-23-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImf-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-devel-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-devel-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-doc-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-doc-2.2.1-lp152.7.11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-04-10T22:05:18Z", "details": "moderate" } ], "title": "CVE-2021-3474" }, { "cve": "CVE-2021-3475", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-3475" } ], "notes": [ { "category": "general", "text": "There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.2:libIlmImf-2_2-23-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:libIlmImf-2_2-23-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImf-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-devel-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-devel-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-doc-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-doc-2.2.1-lp152.7.11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2021-3475", "url": "https://www.suse.com/security/cve/CVE-2021-3475" }, { "category": "external", "summary": "SUSE Bug 1184173 for CVE-2021-3475", "url": "https://bugzilla.suse.com/1184173" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.2:libIlmImf-2_2-23-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:libIlmImf-2_2-23-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImf-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-devel-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-devel-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-doc-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-doc-2.2.1-lp152.7.11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "openSUSE Leap 15.2:libIlmImf-2_2-23-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:libIlmImf-2_2-23-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImf-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-devel-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-devel-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-doc-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-doc-2.2.1-lp152.7.11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-04-10T22:05:18Z", "details": "moderate" } ], "title": "CVE-2021-3475" }, { "cve": "CVE-2021-3476", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-3476" } ], "notes": [ { "category": "general", "text": "A flaw was found in OpenEXR\u0027s B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.2:libIlmImf-2_2-23-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:libIlmImf-2_2-23-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImf-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-devel-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-devel-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-doc-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-doc-2.2.1-lp152.7.11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2021-3476", "url": "https://www.suse.com/security/cve/CVE-2021-3476" }, { "category": "external", "summary": "SUSE Bug 1184172 for CVE-2021-3476", "url": "https://bugzilla.suse.com/1184172" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.2:libIlmImf-2_2-23-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:libIlmImf-2_2-23-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImf-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-devel-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-devel-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-doc-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-doc-2.2.1-lp152.7.11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "openSUSE Leap 15.2:libIlmImf-2_2-23-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:libIlmImf-2_2-23-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImf-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:libIlmImfUtil-2_2-23-32bit-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-devel-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-devel-2.2.1-lp152.7.11.1.x86_64", "openSUSE Leap 15.2:openexr-doc-2.2.1-lp152.7.11.1.i586", "openSUSE Leap 15.2:openexr-doc-2.2.1-lp152.7.11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-04-10T22:05:18Z", "details": "moderate" } ], "title": "CVE-2021-3476" } ] }
ghsa-7qrq-27q3-6362
Vulnerability from github
There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.
{ "affected": [], "aliases": [ "CVE-2021-3474" ], "database_specific": { "cwe_ids": [ "CWE-190" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2021-03-30T18:15:00Z", "severity": "MODERATE" }, "details": "There\u0027s a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.", "id": "GHSA-7qrq-27q3-6362", "modified": "2022-12-12T03:31:05Z", "published": "2022-05-24T17:45:54Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3474" }, { "type": "WEB", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939142" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/202107-27" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "type": "CVSS_V3" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.