CVE-2021-20303

Description

A flaw was found in the function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.

CvssV3 impact

BaseSeverity: MEDIUM
ConfidentialityImpact: NONE
AttackComplexity: LOW
Scope: UNCHANGED
AttackVector: LOCAL
AvailabilityImpact: HIGH
IntegrityImpact: LOW
PrivilegesRequired: NONE
BaseScore: 6.1
VectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Version: 3.1
UserInteraction: REQUIRED

CvssV2 impact

AccessComplexity: MEDIUM
ConfidentialityImpact: NONE
AvailabilityImpact: PARTIAL
IntegrityImpact: PARTIAL
BaseScore: 5.8
VectorString: AV:N/AC:M/Au:N/C:N/I:P/A:P
Version: 2.0
AccessVector: NETWORK
Authentication: NONE