Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.3
CVSSv3

CVE-2021-3475

Published: 30/03/2021 Updated: 03/02/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Openexr

Vulnerability Summary

There is a flaw in OpenEXR in versions prior to 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openexr openexr

debian debian linux 9.0

debian debian linux 10.0

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2021-20296 CVE-2021-3474 CVE-2021-3475 CVE-2021-3476 CVE-2021-3477 CVE-2021-3478 CVE-2021-3479
Debian Bug report logs - #986796 CVE-2021-20296 CVE-2021-3474 CVE-2021-3475 CVE-2021-3476 CVE-2021-3477 CVE-2021-3478 CVE-2021-3479 Package: openexr; Maintainer for openexr is Debian PhotoTools Maintainers <pkg-phototools-devel@listsaliothdebianorg>; Source for openexr is src:openexr (PTS, buildd, popcon) Reported by: Mor ...
Amazon Linux 2: ALAS2-2023-2078
A flaw was found in OpenEXR's B44Compressor This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application The highest threat from this vulnerability is to system availability (CVE-2021-20298) A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisccpp An at ...
Red Hat: CVE-2021-3475
No description is available for this CVE ...
Arch Linux Issues:
There is a flaw in OpenEXR in versions before 300-beta An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability ...

References

CWE-190https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297https://bugzilla.redhat.com/show_bug.cgi?id=1939144https://lists.debian.org/debian-lts-announce/2021/07/msg00001.htmlhttps://security.gentoo.org/glsa/202107-27https://lists.debian.org/debian-lts-announce/2022/12/msg00022.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986796https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2023-2078.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654CVE-2023-49606encryptionNULL pointer dereferenceCVE-2024-4439CVE-2024-4649race conditionCVE-2024-27202CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook