
Mageia: 2021-0326 Moderate: OpenEXR Remote Code Execution Vulnerability

July 10, 2021
Updated OpenEXR packages for Mageia address significant vulnerabilities that could lead to denial of service and possibly remote code execution.

Summary

Updated openexr packages fix security vulnerabilities:
It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code (CVE-2021-3474, CVE-2021-3475, CVE-2021-3476, CVE-2021-3477, CVE-2021-3478, CVE-2021-3479, CVE-2021-3598, CVE-2021-3605, CVE-2021-20296, CVE-2021-23169, CVE-2021-23215, CVE-2021-26260).

References

- https://bugs.mageia.org/show_bug.cgi?id=29005

- https://openexr.com/en/latest/

- https://ubuntu.com/security/notices/USN-4900-1

- https://ubuntu.com/security/notices/USN-4996-1

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4KYNJSMVA6YJY5NMKDZ5SAISKZG2KCKC/

- https://www.cve.org/CVERecord?id=CVE-2021-3474

- https://www.cve.org/CVERecord?id=CVE-2021-3475

- https://www.cve.org/CVERecord?id=CVE-2021-3476

- https://www.cve.org/CVERecord?id=CVE-2021-3477

- https://www.cve.org/CVERecord?id=CVE-2021-3478

- https://www.cve.org/CVERecord?id=CVE-2021-3479

- https://www.cve.org/CVERecord?id=CVE-2021-3598

- https://www.cve.org/CVERecord?id=CVE-2021-3605

- https://www.cve.org/CVERecord?id=CVE-2021-20296

- https://www.cve.org/CVERecord?id=CVE-2021-23169

- https://www.cve.org/CVERecord?id=CVE-2021-23215

- https://www.cve.org/CVERecord?id=CVE-2021-26260

Resolution

SRPMS

- 8/core/openexr-2.5.7-1.mga8

- 7/core/openexr-2.3.0-2.4.mga7

Severity
important

Publication date: 10 Jul 2021
URL: https://advisories.mageia.org/MGASA-2021-0326.html
Type: security
CVE: CVE-2021-3474, CVE-2021-3475, CVE-2021-3476, CVE-2021-3477, CVE-2021-3478, CVE-2021-3479, CVE-2021-3598, CVE-2021-3605, CVE-2021-20296, CVE-2021-23169, CVE-2021-23215, CVE-2021-26260
