Published: 31/03/2021 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

There's a flaw in OpenEXR's deep tile sample size calculations in versions prior to 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openexr openexr
debian debian linux 9.0
debian debian linux 10.0

Debian Bug report logs - #986796 CVE-2021-20296 CVE-2021-3474 CVE-2021-3475 CVE-2021-3476 CVE-2021-3477 CVE-2021-3478 CVE-2021-3479 Package: openexr; Maintainer for openexr is Debian PhotoTools Maintainers <pkg-phototools-devel@listsaliothdebianorg>; Source for openexr is src:openexr (PTS, buildd, popcon) Reported by: Mor ...

There's a flaw in OpenEXR's deep tile sample size calculations in versions before 254 An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read ...

CWE-190 https://bugzilla.redhat.com/show_bug.cgi?id=1939159 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26956 https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html https://security.gentoo.org/glsa/202107-27 https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986796 https://nvd.nist.gov https://security.archlinux.org/CVE-2021-3477

CVE-2021-3477

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect