VDB
CVE-2021-23169
CVE-2021-23169
PUBLISHED
A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.
EPSS 0.57% · 69.1th percentile
Risk Scores
EPSS Score
0.57%
69.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:20.04:LTS | openexr | 0, 2.3.0-6, 2.3.0-6ubuntu0.1 |
Timeline
- Jun 8, 2021 CVE Published
- Jun 9, 2021 EPSS Score
- Aug 10, 2021 EPSS Score
- Dec 9, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 8, 2022 EPSS Score
- Apr 10, 2022 EPSS Score
- Jun 10, 2022 EPSS Score
- Aug 11, 2022 EPSS Score
- Oct 11, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-23169 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-23169 third-party-advisory