pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1265dd8e77
vuln-list-alt/oval/c9f2/ALT-PU-2021-3360/definitions.json
pepelyaevip 9e3addb072 ALT Vulnerability
2024-01-10 07:45:25 +00:00

201 lines
9.0 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20213360",
"Version": "oval:org.altlinux.errata:def:20213360",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-3360: package `openexr` update to version 2.3.0-alt1.c9f2.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-3360",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-3360",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-04485",
"RefURL": "https://bdu.fstec.ru/vul/2021-04485",
"Source": "BDU"
},
{
"RefID": "BDU:2021-04537",
"RefURL": "https://bdu.fstec.ru/vul/2021-04537",
"Source": "BDU"
},
{
"RefID": "BDU:2021-05191",
"RefURL": "https://bdu.fstec.ru/vul/2021-05191",
"Source": "BDU"
},
{
"RefID": "BDU:2021-05210",
"RefURL": "https://bdu.fstec.ru/vul/2021-05210",
"Source": "BDU"
},
{
"RefID": "CVE-2020-16587",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-16587",
"Source": "CVE"
},
{
"RefID": "CVE-2021-20296",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-20296",
"Source": "CVE"
},
{
"RefID": "CVE-2021-3598",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3598",
"Source": "CVE"
},
{
"RefID": "CVE-2021-3605",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3605",
"Source": "CVE"
}
],
"Description": "This update upgrades openexr to version 2.3.0-alt1.c9f2.1. \nSecurity Fix(es):\n\n * BDU:2021-04485: Уязвимость функции ImfDeepScanLineInputFile() библиотеки OpenEXR, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-04537: Уязвимость функции RleUncompress() библиотеки OpenEXR, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-05191: Уязвимость компонента ImfMultiPartInputFile формата графического формата для хранения изображений OpenEXR, связанная с записью за границами буфера, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-05210: Уязвимость функции декомпрессии Dwa библиотеки IlmImf программного обеспечения для хранения изображений с широкими динамическими диапазоном яркости OpenEXR, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2020-16587: A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.\n\n * CVE-2021-20296: A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.\n\n * CVE-2021-3598: There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.\n\n * CVE-2021-3605: There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2023 BaseALT Ltd.",
"Issued": {
"Date": "2021-11-25"
},
"Updated": {
"Date": "2021-11-25"
},
"bdu": [
{
"Cvss": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"Cvss3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-119, CWE-125",
"Href": "https://bdu.fstec.ru/vul/2021-04485",
"Impact": "Low",
"Public": "20210601",
"CveID": "BDU:2021-04485"
},
{
"Cvss": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"Cvss3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"Cwe": "CWE-119, CWE-125",
"Href": "https://bdu.fstec.ru/vul/2021-04537",
"Impact": "Low",
"Public": "20210603",
"CveID": "BDU:2021-04537"
},
{
"Cvss": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"Cvss3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"Cwe": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-05191",
"Impact": "Low",
"Public": "20201209",
"CveID": "BDU:2021-05191"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"Cwe": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2021-05210",
"Impact": "Low",
"Public": "20200813",
"CveID": "BDU:2021-05210"
}
],
"Cves": [
{
"Cvss": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"Cvss3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"Cwe": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-16587",
"Impact": "Low",
"Public": "20201209",
"CveID": "CVE-2020-16587"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"Cwe": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-20296",
"Impact": "Low",
"Public": "20210401",
"CveID": "CVE-2021-20296"
},
{
"Cvss": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"Cvss3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3598",
"Impact": "Low",
"Public": "20210706",
"CveID": "CVE-2021-3598"
},
{
"Cvss": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"Cvss3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"Cwe": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3605",
"Impact": "Low",
"Public": "20210825",
"CveID": "CVE-2021-3605"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20213360001",
"Comment": "libilmimf24 is earlier than 0:2.3.0-alt1.c9f2.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213360002",
"Comment": "libilmimfutil24 is earlier than 0:2.3.0-alt1.c9f2.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213360003",
"Comment": "openexr is earlier than 0:2.3.0-alt1.c9f2.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213360004",
"Comment": "openexr-devel is earlier than 0:2.3.0-alt1.c9f2.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213360005",
"Comment": "openexr24-common is earlier than 0:2.3.0-alt1.c9f2.1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink