CVE-2021-23169
CVSS 3.1 score: 8.8 (HIGH)
EPSS: 0.57%
Description
A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.
How to fix CVE-2021-23169
To remediate CVE-2021-23169, upgrade the affected package to one of the fixed versions listed below.
- Debian/openexr—upgrade to 2.5.4-2 or later
Is CVE-2021-23169 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/openexr: all versions from 0 up to, but not including, 2.5.4-2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (8.8) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |