First published: Fri Jun 11 2021
There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/openexr | <=2.2.1-4.1+deb10u1 | 2.2.1-4.1+deb10u2, 2.5.4-2+deb11u1, 3.1.5-5, 3.1.5-5.1 |
Openexr Openexr | <3.0.5 | |
Redhat Enterprise Linux | =8.0 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
redhat/OpenEXR | <3.0.5 | 3.0.5 |
CVE-2021-3598 is a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5 that could cause an out-of-bounds read.
The severity of CVE-2021-3598 is high with a severity value of 5.5.
An attacker can exploit CVE-2021-3598 by submitting a crafted file to an application linked with OpenEXR.
Versions prior to 3.0.5 of OpenEXR are affected by CVE-2021-3598.
To fix CVE-2021-3598, update OpenEXR to version 3.0.5 or later.