CVE-2021-3476
30.03.2021, 18:15
A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| openexr | openexr | 𝑥 < 2.4.3 |
| openexr | openexr | 2.5.0 ≤ 𝑥 < 2.5.4 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libIlmImf-2_2-23 |
| ||||||||||||||||||||||||||||||||||||||||||||
| libIlmImf-Imf_2_1-21 |
| ||||||||||||||||||||||||||||||||||||||||||||
| libIlmImfUtil-2_2-23 |
| ||||||||||||||||||||||||||||||||||||||||||||
| openexr |
| ||||||||||||||||||||||||||||||||||||||||||||
| openexr-devel |
|
References