CVE-2021-3598 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Arbitrary code execution
Description	A heap-buffer overflow was found in the readChars function of OpenEXR before version 3.0.5. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2071	openexr	3.0.4-1	3.0.5-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
06 Jul 2021	ASA-202107-14	AVG-2071	openexr	Medium	arbitrary code execution

References
https://bugzilla.redhat.com/show_bug.cgi?id=1970987 https://github.com/AcademySoftwareFoundation/openexr/issues/1033 https://github.com/AcademySoftwareFoundation/openexr/pull/1037 https://github.com/AcademySoftwareFoundation/openexr/commit/b054116e57ebf62739a17217f922359b174d1332

References

https://bugzilla.redhat.com/show_bug.cgi?id=1970987
https://github.com/AcademySoftwareFoundation/openexr/issues/1033
https://github.com/AcademySoftwareFoundation/openexr/pull/1037
https://github.com/AcademySoftwareFoundation/openexr/commit/b054116e57ebf62739a17217f922359b174d1332