What the vulnerability does

01Description

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.

Key dates

02Disclosure timeline

June 8, 2021 CVE published
August 3, 2024 Record updated