CVE-2021-20300
Summary
| CVE | CVE-2021-20300 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-03-04 18:15:00 UTC |
|---|
| Updated | 2022-12-13 02:22:00 UTC |
|---|
| Description | A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| 25562 -
oss-fuzz -
OSS-Fuzz: Fuzzing the planet -
Monorail |
MISC |
bugs.chromium.org |
|
| [SECURITY] [DLA 3236-1] openexr security update |
MLIST |
lists.debian.org |
|
| 1939153 – (CVE-2021-20300) CVE-2021-20300 OpenEXR: Integer-overflow in Imf_2_5::hufUncompress |
MISC |
bugzilla.redhat.com |
|
| prevent overflow in hufUncompress if nBits is large by peterhillman · Pull Request #836 · AcademySoftwareFoundation/openexr · GitHub |
MISC |
github.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 178742 Debian Security Update for openexr (DLA 2732-1)
- 179546 Debian Security Update for openexr (CVE-2021-20300)
- 181315 Debian Security Update for openexr (DLA 3236-1)
- 750987 SUSE Enterprise Linux Security Update for openexr (SUSE-SU-2021:2793-1)
- 751018 OpenSUSE Security Update for openexr (openSUSE-SU-2021:2793-1)
- 751042 OpenSUSE Security Update for openexr (openSUSE-SU-2021:1198-1)
- 751072 SUSE Enterprise Linux Security Update for openexr (SUSE-SU-2021:2913-1)
