CVE-2021-3478

Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 3.0.0-beta

Description: The issue is related to the implementation of the scanline input file functionality in the OpenEXR library, specifically in the ImfScanLineInputFile.cpp file. It involves an uncontrolled resource consumption when handling the to data->linesInBuffer parameter. This can be exploited by an attacker to cause a denial of service by opening specially crafted EXR files, potentially consuming excessive system memory and impacting system availability.

Recommendations: For versions prior to 3.0.0-beta, update to version 3.0.0-beta or later to resolve the issue. As a temporary workaround, consider restricting the use of the scanline input file functionality until a patch is available. Avoid processing untrusted or specially crafted EXR files with the vulnerable versions of OpenEXR to minimize the risk of exploitation.