Integer Overflow Vulnerability in dataWindowForTile() Function of OpenEXR

Integer Overflow Vulnerability in dataWindowForTile() Function of OpenEXR

CVE-2021-20303 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.

Learn more about our Web Application Penetration Testing UK.