CVE-2021-20299
Summary
| CVE | CVE-2021-20299 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-03-16 15:15:00 UTC |
|---|
| Updated | 2022-12-13 01:59:00 UTC |
|---|
| Description | A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| [SECURITY] [DLA 3236-1] openexr security update |
MLIST |
lists.debian.org |
|
| 1939154 – (CVE-2021-20299) CVE-2021-20299 OpenEXR: Null-dereference READ in Imf_2_5::Header::operator |
MISC |
bugzilla.redhat.com |
|
| add sanity check for reading multipart files with no parts (#840) · AcademySoftwareFoundation/openexr@25e9515 · GitHub |
MISC |
github.com |
|
| 25740 -
oss-fuzz -
OSS-Fuzz: Fuzzing the planet -
Monorail |
MISC |
bugs.chromium.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 178742 Debian Security Update for openexr (DLA 2732-1)
- 180320 Debian Security Update for openexr (CVE-2021-20299)
- 181315 Debian Security Update for openexr (DLA 3236-1)
- 670719 EulerOS Security Update for OpenEXR (EulerOS-SA-2021-2477)
- 750987 SUSE Enterprise Linux Security Update for openexr (SUSE-SU-2021:2793-1)
- 751018 OpenSUSE Security Update for openexr (openSUSE-SU-2021:2793-1)
- 751042 OpenSUSE Security Update for openexr (openSUSE-SU-2021:1198-1)
- 751072 SUSE Enterprise Linux Security Update for openexr (SUSE-SU-2021:2913-1)
