CVE-2021-3941

CVSS v3.1

6.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions OpenEXR (affected versions not specified)

Description The issue is related to the RGBtoXYZ() routine in the ImfChromaticities.cpp file, where certain division operations, such as float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y; and chroma.green.y * (X + Z)) / d;, do not check if the divisor is zero. This could allow a specially crafted file to trigger a divide-by-zero condition, affecting the availability of programs linked with OpenEXR.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Divide By Zero

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-369

Related Identifiers

BDU:2023-01674

CVE-2021-3941

DLA-3236-1

DSA-5299-1

MGASA-2021-0524

OESA-2025-2355

OPENSUSE-SU-2021:1537-1

OPENSUSE-SU-2021:3844-1

OPENSUSE-SU-2021_1537-1

OPENSUSE-SU-2021_3844-1

SUSE-SU-2021:14846-1

SUSE-SU-2021:3843-1

SUSE-SU-2021:3844-1

SUSE-SU-2021_14846-1

USN-5150-1

USN-5620-1

Affected Products

Astra Linux

Linuxmint

Openexr

Suse

Ubuntu

CVE-2021-3941

Weakness Enumeration

Related Identifiers

Affected Products

References · 63