UBUNTU-CVE-2021-23169
- Source
- https://ubuntu.com/security/CVE-2021-23169
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-23169.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-23169
- Related
- Published
- 2021-06-08T12:15:00Z
- Modified
- 2025-01-13T10:22:29Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.
- References
Affected packages
Ubuntu:20.04:LTS / openexr
Package
- Name
- openexr
- Purl
- pkg:deb/ubuntu/openexr@2.3.0-6ubuntu0.5?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:22.04:LTS / openexr
Package
- Name
- openexr
- Purl
- pkg:deb/ubuntu/openexr@2.5.7-1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.5.7-1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "negligible",
"binaries": [
{
"binary_version": "2.5.7-1",
"binary_name": "libopenexr-dev"
},
{
"binary_version": "2.5.7-1",
"binary_name": "libopenexr25"
},
{
"binary_version": "2.5.7-1",
"binary_name": "libopenexr25-dbgsym"
},
{
"binary_version": "2.5.7-1",
"binary_name": "openexr"
},
{
"binary_version": "2.5.7-1",
"binary_name": "openexr-dbgsym"
},
{
"binary_version": "2.5.7-1",
"binary_name": "openexr-doc"
}
]
}