CVE-2021-3605 log

Source
Severity Medium
Remote Yes
Type Arbitrary code execution
Description
A heap-buffer overflow was found in the rleUncompress function of OpenEXR before version 2.4.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.
Group Package Affected Fixed Severity Status Ticket
AVG-2107 openexr 2.4.0-7 2.4.1-1 Medium Fixed
References
https://bugzilla.redhat.com/show_bug.cgi?id=1970991
https://github.com/AcademySoftwareFoundation/openexr/pull/1036
https://github.com/AcademySoftwareFoundation/openexr/commit/25259a84827234a283f6f9db72978198c7a3f268
https://github.com/AcademySoftwareFoundation/openexr/pull/643
https://github.com/AcademySoftwareFoundation/openexr/commit/37750013830def57f19f3c3b7faaa9fc1dae81b3
https://github.com/AcademySoftwareFoundation/openexr/pull/659
https://github.com/AcademySoftwareFoundation/openexr/commit/e79d2296496a50826a15c667bf92bdc5a05518b4