Home > Vulnerability Database > CVE-2021-23169

Mend.io Vulnerability Database

CVE-2021-23169

Good to know:

Date: June 7, 2021

A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.

Language: C

Severity Score

8.8

Related Resources (14)

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXFLD4ZAXKAIWO6ZPBCQEEDZB5IG676K/

Url: https://security.archlinux.org/CVE-2021-23169

Url: https://security-tracker.debian.org/tracker/CVE-2021-23169

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-23169

Url: https://access.redhat.com/security/cve/CVE-2021-23169

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23169

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KYNJSMVA6YJY5NMKDZ5SAISKZG2KCKC/

Url: https://security.alpinelinux.org/vuln/CVE-2021-23169

Url: https://github.com/AcademySoftwareFoundation/openexr/commit/ae6d203892cc9311917a7f4f05354ef792b3e58e

Url: https://security.gentoo.org/glsa/202210-31

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BXFLD4ZAXKAIWO6ZPBCQEEDZB5IG676K/

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1947612

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KYNJSMVA6YJY5NMKDZ5SAISKZG2KCKC/

Url: https://www.mend.io/vulnerability-database/CVE-2021-23169

Severity Score

8.8

Weakness Type (CWE)

Buffer Errors

CWE-119

Out-of-bounds Write

CWE-787

Top Fix

Upgrade Version

Upgrade to version v3.0.0

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-23169

Good to know:

Date: June 7, 2021

Language: C

Severity Score

Related Resources (14)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?