CVE-2021-23169: Out-of-bounds Write

June 8, 2021 (updated November 9, 2023)

A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.

References

bugzilla.redhat.com/show_bug.cgi?id=1947612
nvd.nist.gov/vuln/detail/CVE-2021-23169

Detect and mitigate CVE-2021-23169 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →