AZL-44256

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-44256.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-44256

Upstream

CVE-2021-23169

Published

2021-06-08T12:15:10Z

Modified

2026-04-01T05:15:32.243283Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2021-23169 affecting package OpenEXR 2.3.0-6

Details

A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-23169

Affected packages

Azure Linux:3 / OpenEXR

Package

Name: OpenEXR
Purl: pkg:rpm/azure-linux/OpenEXR

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

2.3.0-6

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-44256.json"