diff options
| author | Sylvain Beucler <beuc@beuc.net> | 2022-01-11 17:43:02 +0100 |
|---|---|---|
| committer | Sylvain Beucler <beuc@beuc.net> | 2022-01-11 17:43:12 +0100 |
| commit | c2431be433a5e0d1cc6a31511b041dc6a5b95a05 (patch) | |
| tree | 450949bcc437cd2bc3c329307e629767ea73d373 | |
| parent | c979c9a69475bdc58a8b3ffa08fff346fd5c3d90 (diff) | |
CVE-2021-45942/openexr: dereference uncertain patch
that was derived from automated fuzzing report,
and actually related to another oss-fuzz item.
The CVE notices "db217f2 may be inapplicable."
| -rw-r--r-- | data/CVE/list | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list index 0a7f7659af..4f55daab1f 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -2827,7 +2827,7 @@ CVE-2021-45943 (GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCI CVE-2021-45942 (OpenEXR 3.1.0 through 3.1.3 has a heap-based buffer overflow in Imf_3_ ...) - openexr <unfixed> NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416 - NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/db217f29dfb24f6b4b5100c24ac5e7490e1c57d0 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1209 CVE-2021-45941 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in _ ...) - libbpf <unfixed> NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40957 |