What is CVE-2021-3933?

CVE-2021-3933 is a vulnerability that could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits.

What is the severity of CVE-2021-3933?

CVE-2021-3933 has a severity rating of medium with a score of 5.5.

Which software is affected by CVE-2021-3933?

OpenEXR versions 2.2.1-4.1+deb10u2, 2.5.4-2+deb11u1, 3.1.5-5, and 3.1.5-5.1 are affected on Debian. OpenEXR versions up to 3.1.2 are affected on other systems.

How can I fix CVE-2021-3933 on Debian?

To fix CVE-2021-3933 on Debian, update the OpenEXR package to version 2.2.1-4.1+deb10u2 or higher.

Is Fedora affected by CVE-2021-3933?

Yes, Fedora version 36 is affected by CVE-2021-3933.

Vulnerability/
CVE-2021-3933

medium

5.5

CWE

190

3/11/2021

25/3/2022

3/8/2024

CVE-2021-3933: Integer Overflow

Q: What is the severity of CVE-2021-3933?

CVE-2021-3933 has a severity rating of medium with a score of 5.5.

Q: Which software is affected by CVE-2021-3933?

OpenEXR versions 2.2.1-4.1+deb10u2, 2.5.4-2+deb11u1, 3.1.5-5, and 3.1.5-5.1 are affected on Debian. OpenEXR versions up to 3.1.2 are affected on other systems.

Q: How can I fix CVE-2021-3933 on Debian?

To fix CVE-2021-3933 on Debian, update the OpenEXR package to version 2.2.1-4.1+deb10u2 or higher.

Q: Is Fedora affected by CVE-2021-3933?

Yes, Fedora version 36 is affected by CVE-2021-3933.

First published: Wed Nov 03 2021(Updated: )

A vulnerability was found in openexr where an Integer-overflow was found in Imf_3_1::bytesPerDeepLineTable. References: <a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38912">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38912</a>

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
debian/openexr	<=2.2.1-4.1+deb10u1	2.2.1-4.1+deb10u2 2.5.4-2+deb11u1 3.1.5-5 3.1.5-5.1
Openexr Openexr	<3.1.2
Fedoraproject Fedora	=36
Debian Debian Linux	=10.0
Debian Debian Linux	=11.0
redhat/OpenEXR	<3.1.2	3.1.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-3933?
CVE-2021-3933 is a vulnerability that could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits.
What is the severity of CVE-2021-3933?
CVE-2021-3933 has a severity rating of medium with a score of 5.5.
Which software is affected by CVE-2021-3933?
OpenEXR versions 2.2.1-4.1+deb10u2, 2.5.4-2+deb11u1, 3.1.5-5, and 3.1.5-5.1 are affected on Debian. OpenEXR versions up to 3.1.2 are affected on other systems.
How can I fix CVE-2021-3933 on Debian?
To fix CVE-2021-3933 on Debian, update the OpenEXR package to version 2.2.1-4.1+deb10u2 or higher.
Is Fedora affected by CVE-2021-3933?
Yes, Fedora version 36 is affected by CVE-2021-3933.

collector/debian-bugs
alias/CVE-2021-3933
collector/security-tracker-debian
collector/nvd-index
agent/type
agent/first-publish-date
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/weakness
agent/author
agent/severity
agent/references
agent/description
collector/redhat-bugzilla
source/Red Hat
agent/software-canonical-lookup
agent/tags
agent/event
package-manager/debian
vendor/openexr
canonical/openexr openexr
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/36
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0
version/debian debian linux/11.0
package-manager/redhat

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.