CVE-2021-3477
Gentoo Linux Security Advisory 202107-27
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.
Se presenta un fallo en los cálculos de tamaño de la muestra de mosaicos profundos de OpenEXR versiones anteriores a la 3.0.0-beta. Un atacante que pueda ser capaz de enviar un archivo diseñado para que sea procesado por OpenEXR podría desencadenar un desbordamiento de enteros, posteriormente conllevando a una lectura fuera de límites. El mayor riesgo de este fallo es la disponibilidad de la aplicación.
Multiple vulnerabilities have been found in OpenEXR, the worst of which could result in the arbitrary execution of code. Versions less than 2.5.6 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-03-30 CVE Reserved
- 2021-03-31 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26956 | Issue Tracking | |
| https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1939159 | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/202107-27 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openexr Search vendor "Openexr" | Openexr Search vendor "Openexr" for product "Openexr" | < 2.4.3 Search vendor "Openexr" for product "Openexr" and version " < 2.4.3" | - |
Affected
| ||||||
| Openexr Search vendor "Openexr" | Openexr Search vendor "Openexr" for product "Openexr" | >= 2.5.0 < 2.5.4 Search vendor "Openexr" for product "Openexr" and version " >= 2.5.0 < 2.5.4" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||