First published: Wed Mar 31 2021(Updated: )
There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Openexr Openexr | <2.4.3 | |
Openexr Openexr | >=2.5.0<2.5.4 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this flaw is CVE-2021-3478.
The severity of CVE-2021-3478 is medium with a CVSS score of 5.5.
This vulnerability could consume excessive system memory, impacting system availability.
Versions before 3.0.0-beta of OpenEXR are affected by this vulnerability.
To mitigate this vulnerability, update OpenEXR to version 3.0.0-beta or later.