PT-2021-4012 · Openexr+5 · Openexr+5

Pedro Sampaio

Published

2021-06-03

Updated

2024-06-15

CVE-2021-3605

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions OpenEXR versions prior to 3.0.5

Description The issue is related to a flaw in OpenEXR's rleUncompress() functionality, which can cause an out-of-bounds read when a crafted file is submitted to an application linked with OpenEXR. This could lead to a denial of service, primarily affecting application availability.

Recommendations For versions prior to 3.0.5, update to version 3.0.5 or later to resolve the issue. As a temporary workaround, consider restricting the submission of crafted files to applications linked with OpenEXR until a patch is available.

Fix

Buffer Overflow

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-125

Related Identifiers

ALT-PU-2021-3360

ALT-PU-2023-1408

AZL-44529

BDU:2021-04537

CVE-2021-3605

DLA-2732-1

DLA-3236-1

DSA-5299-1

MGASA-2021-0326

OESA-2021-1339

OPENSUSE-SU-2021:0925-1

OPENSUSE-SU-2021:2158-1

OPENSUSE-SU-2021_0925-1

OPENSUSE-SU-2021_2158-1

OPENSUSE-SU-2024:11117-1

ROSA-SA-2023-2248

SUSE-SU-2021:14757-1

SUSE-SU-2021:2158-1

SUSE-SU-2021:2159-1

SUSE-SU-2021_14757-1

USN-4996-1

USN-4996-2

USN-5620-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Openexr

Suse

Ubuntu

PT-2021-4012 · Openexr+5 · Openexr+5

CVE-2021-3605

Weakness Enumeration

Related Identifiers

Affected Products

References · 72