{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-02T16:54:40.658","vulnerabilities":[{"cve":{"id":"CVE-2021-20303","sourceIdentifier":"secalert@redhat.com","published":"2022-03-04T18:15:07.993","lastModified":"2026-06-17T03:33:38.227","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well."},{"lang":"es","value":"Un fallo encontrado en la función dataWindowForTile() del archivo IlmImf/ImfTiledMisc.cpp. Un atacante que sea capaz de enviar un archivo diseñado para ser procesado por OpenEXR podría desencadenar un desbordamiento de enteros, conllevando a una escritura fuera de límites en la pila. El mayor impacto de esta falla es la disponibilidad de la aplicación, con algún impacto potencial en la integridad de los datos también"}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"n/a","product":"OpenEXR","versions":[{"version":"Fixed in v2.5.4 and beyond.","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":4.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.4","matchCriteriaId":"9A41E435-16D4-4706-B45A-0AB56664C6EF"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]}],"references":[{"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939151","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://github.com/AcademySoftwareFoundation/openexr/pull/831","source":"secalert@redhat.com","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939151","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://github.com/AcademySoftwareFoundation/openexr/pull/831","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}