PT-2021-7693 · Openexr+5

Dhananjay Arunesh · Published 2021-09-18 · Updated 2023-10-17 · CVE-2021-3933

CVSS v2.0: 7.1 High

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

OpenEXR (affected versions not specified)

Description

The issue is an integer overflow that can occur when OpenEXR processes a crafted file on systems where size_t is less than 64 bits. The overflow can produce invalid bytesPerLine and maxBytesPerLine values, leading to problems with application stability or potentially opening up other attack paths. A remote attacker could exploit the vulnerability with a specially crafted file, potentially resulting in a denial of service.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
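
The class of bug described above, as an added example that is not OpenEXR's code: a per-row byte count computed in a 32-bit size type wraps for a large width, while a checked version rejects the row. The function names, the `size32_t` stand-in for a 32-bit size_t, and the header values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for a 32-bit size_t so the wrap reproduces on 64-bit hosts too. */
typedef uint32_t size32_t;

/* Unchecked row size: the product is reduced modulo 2^32. */
size32_t row_bytes_unchecked(uint32_t width, uint32_t bytes_per_pixel)
{
    return width * bytes_per_pixel;
}

/* Checked row size: fails instead of returning a wrapped value. */
bool row_bytes_checked(uint32_t width, uint32_t bytes_per_pixel, size32_t *out)
{
    if (bytes_per_pixel != 0 && width > UINT32_MAX / bytes_per_pixel)
        return false;
    *out = width * bytes_per_pixel;
    return true;
}

/* Largest row size over all rows; fails if any single row overflows. */
bool max_row_bytes(const uint32_t *widths, size_t rows,
                   uint32_t bytes_per_pixel, size32_t *max_out)
{
    size32_t max = 0, cur;
    for (size_t i = 0; i < rows; i++) {
        if (!row_bytes_checked(widths[i], bytes_per_pixel, &cur))
            return false;
        if (cur > max)
            max = cur;
    }
    *max_out = max;
    return true;
}

int main(void)
{
    /* Constructed header values, not taken from any real file. */
    const uint32_t ok[] = { 1920, 4096 };
    const uint32_t bad[] = { 1920, 0x40000001u };
    size32_t max = 0;

    printf("unchecked: %u\n", (unsigned)row_bytes_unchecked(0x40000001u, 8));
    printf("ok rows:  %d (max %u)\n", max_row_bytes(ok, 2, 8, &max), (unsigned)max);
    printf("bad rows: %d\n", max_row_bytes(bad, 2, 8, &max));
    return 0;
}
```

A buffer sized from the wrapped value is far smaller than the row it is meant to hold, which is why a parser should reject the file at the point the size is computed.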

Integer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2023-1408
BDU:2023-01667
CVE-2021-3933
DLA-3236-1
DSA-5299-1
MGASA-2021-0524
OESA-2022-1775
OPENSUSE-SU-2021:1537-1
OPENSUSE-SU-2021:3844-1
OPENSUSE-SU-2021_1537-1
OPENSUSE-SU-2021_3844-1
ROSA-SA-2023-2248
SUSE-SU-2021:3843-1
SUSE-SU-2021:3844-1
SUSE-SU-2021_3844-1
USN-5144-1
USN-5620-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Openexr
Suse
Ubuntu