CVE-2021-3598 - log

CVE-2021-3598 edited at 02 Jul 2021 20:06:18
Description
- A heap-buffer overflow was found in the readChars function of OpenEXR. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.
+ A heap-buffer overflow was found in the readChars function of OpenEXR before version 3.0.5. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1970987
https://github.com/AcademySoftwareFoundation/openexr/issues/1033
https://github.com/AcademySoftwareFoundation/openexr/pull/1037
- https://github.com/AcademySoftwareFoundation/openexr/commit/566f5241edd87445373885d5f7a904dc81e866c1
+ https://github.com/AcademySoftwareFoundation/openexr/commit/b054116e57ebf62739a17217f922359b174d1332
CVE-2021-3598 edited at 14 Jun 2021 08:39:28
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ A heap-buffer overflow was found in the readChars function of OpenEXR. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1970987
+ https://github.com/AcademySoftwareFoundation/openexr/issues/1033
+ https://github.com/AcademySoftwareFoundation/openexr/pull/1037
+ https://github.com/AcademySoftwareFoundation/openexr/commit/566f5241edd87445373885d5f7a904dc81e866c1
Notes
CVE-2021-3598 created at 14 Jun 2021 08:37:28