CVE-2021-45942

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.1.0 through 3.1.3

Description The issue is related to a heap-based buffer overflow in the Imf 3 1::LineCompositeTask::execute function, which can be called from IlmThread 3 1::NullThreadPoolProvider::addTask and IlmThread 3 1::ThreadPool::addGlobalTask. This overflow can potentially allow an attacker to cause a buffer overflow.

Recommendations For OpenEXR versions 3.1.0 through 3.1.3, update to version 3.1.4 or later to resolve the issue. As a temporary workaround, consider disabling the Imf 3 1::LineCompositeTask::execute function until a patch is available.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

BDU:2022-00736

CVE-2021-45942

DLA-3236-1

DSA-5299-1

MGASA-2022-0020

OESA-2022-1639

OPENSUSE-SU-2022:0062-1

OPENSUSE-SU-2022_0062-1

OPENSUSE-SU-2022_0062-2

OPENSUSE-SU-2024:11712-1

SUSE-SU-2022:0061-1

SUSE-SU-2022:0062-1

SUSE-SU-2022:0062-2

SUSE-SU-2022_0061-1

SUSE-SU-2022_0062-1

Affected Products

Astra Linux

Openexr

Suse

CVE-2021-45942

Weakness Enumeration

Related Identifiers

Affected Products

References · 46