What is CVE-2021-20304?

CVE-2021-20304 is a vulnerability found in OpenEXR's hufDecode functionality that allows an attacker to trigger an undefined right shift error by passing a crafted file to be processed by OpenEXR.

What is the severity of CVE-2021-20304?

CVE-2021-20304 has a severity rating of 7.5 (High).

How does CVE-2021-20304 affect OpenEXR?

CVE-2021-20304 affects OpenEXR versions up to and including 2.5.7 and OpenEXR version 3.0.0 on Red Hat systems.

How can an attacker exploit CVE-2021-20304?

An attacker can exploit CVE-2021-20304 by providing a specially crafted file to be processed by OpenEXR, triggering the undefined right shift error.

What is the highest threat from CVE-2021-20304?

The highest threat from CVE-2021-20304 is to system availability.

Vulnerability/
CVE-2021-20304

high

7.5

CWE

190

15/3/2021

23/8/2022

3/8/2024

CVE-2021-20304: Integer Overflow

First published: Mon Mar 15 2021(Updated: )

A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Openexr Openexr	<=2.5.7
redhat/OpenEXR	<3.0.0	3.0.0

Remedy

https://github.com/AcademySoftwareFoundation/openexr/commit/51a92d67f53c08230734e74564c807043cbfe41e

Remedy

https://github.com/AcademySoftwareFoundation/openexr/pull/849

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-20304?
CVE-2021-20304 is a vulnerability found in OpenEXR's hufDecode functionality that allows an attacker to trigger an undefined right shift error by passing a crafted file to be processed by OpenEXR.
What is the severity of CVE-2021-20304?
CVE-2021-20304 has a severity rating of 7.5 (High).
How does CVE-2021-20304 affect OpenEXR?
CVE-2021-20304 affects OpenEXR versions up to and including 2.5.7 and OpenEXR version 3.0.0 on Red Hat systems.
How can an attacker exploit CVE-2021-20304?
An attacker can exploit CVE-2021-20304 by providing a specially crafted file to be processed by OpenEXR, triggering the undefined right shift error.
What is the highest threat from CVE-2021-20304?
The highest threat from CVE-2021-20304 is to system availability.

collector/nvd-index
agent/type
agent/remedy
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/references
agent/last-modified-date
agent/author
agent/description
agent/tags
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2021-20304
agent/software-canonical-lookup
vendor/openexr
canonical/openexr openexr
version/openexr openexr/2.5.7
package-manager/redhat

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.