First published: Tue Mar 30 2021(Updated: )
There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Openexr Openexr | <2.4.3 | |
Openexr Openexr | >=2.5.0<2.5.4 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this flaw in OpenEXR is CVE-2021-3475.
The severity level of CVE-2021-3475 is medium with a severity value of 5.3.
Versions before 3.0.0-beta of OpenEXR are affected by CVE-2021-3475.
CVE-2021-3475 could potentially lead to problems with application availability due to an integer overflow caused by a crafted file.
To fix CVE-2021-3475, users should update to version 3.0.0-beta or later of OpenEXR.