There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1939142 | Issue Tracking Patch Third Party Advisory |
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831 | Issue Tracking Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202107-27 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html | Mailing List Third Party Advisory |
Information
Published : 2021-03-30 11:15
Updated : 2023-02-03 15:52
NVD link : CVE-2021-3474
Mitre link : CVE-2021-3474
JSON object : View
CWE
CWE-190
Integer Overflow or Wraparound
Products Affected
debian
- debian_linux
openexr
- openexr