PT-2021-3966 · Openexr+5

Pedro Sampaio · Published 2021-06-01 · Updated 2024-06-15 · CVE-2021-3598

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

OpenEXR versions prior to 3.0.5

Description

The issue is related to a flaw in OpenEXR's ImfDeepScanLineInputFile functionality. This flaw can cause an out-of-bounds read when a crafted file is submitted to an application linked with OpenEXR. The greatest risk from this flaw is to application availability. An attacker could exploit this to cause a denial of service.

Recommendations

For versions prior to 3.0.5, update to version 3.0.5 or later to resolve the issue. As a temporary workaround, consider restricting the submission of crafted files to applications linked with OpenEXR to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2021-3360
ALT-PU-2023-1408
AZL-44292
BDU:2021-04485
CVE-2021-3598
DLA-2701-1
DLA-3236-1
DSA-5299-1
MGASA-2021-0326
OESA-2021-1268
OPENSUSE-SU-2021:0925-1
OPENSUSE-SU-2021:2158-1
OPENSUSE-SU-2021_0925-1
OPENSUSE-SU-2021_2158-1
OPENSUSE-SU-2024:11117-1
ROSA-SA-2023-2248
SUSE-SU-2021:2158-1
SUSE-SU-2021:2159-1
SUSE-SU-2021_2158-1
USN-4996-1
USN-4996-2
USN-5620-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Openexr
Suse
Ubuntu