First published: Wed Nov 03 2021(Updated: )
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/openexr | <=2.2.1-4.1+deb10u1 | 2.2.1-4.1+deb10u2 2.5.4-2+deb11u1 3.1.5-5 3.1.5-5.1 |
Openexr Openexr | =3.1.2 | |
Redhat Enterprise Linux | =6.0 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =8.0 | |
Fedoraproject Fedora | =34 | |
Fedoraproject Fedora | =35 | |
Fedoraproject Fedora | =36 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
redhat/OpenEXR | <3.1.2 | 3.1.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.