CVE-2021-3476
Summary
| CVE | CVE-2021-3476 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2021-03-30 18:15:00 UTC |
|---|
| Updated | 2023-02-02 17:03:00 UTC |
|---|
| Description | A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| OpenEXR: Multiple vulnerabilities (GLSA 202107-27) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| [SECURITY] [DLA 3236-1] openexr security update |
MLIST |
lists.debian.org |
|
| [SECURITY] [DLA 2701-1] openexr security update |
MLIST |
lists.debian.org |
|
| 24787 -
oss-fuzz -
OSS-Fuzz: Fuzzing the planet -
Monorail |
MISC |
bugs.chromium.org |
|
| 1939145 – (CVE-2021-3476) CVE-2021-3476 OpenEXR: Undefined-shift in Imf_2_5::unpack14 |
MISC |
bugzilla.redhat.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 174878 SUSE Enterprise Linux Security Update for openexr (SUSE-SU-2021:1097-1)
- 178693 Debian Security Update for openexr (DLA 2701-1)
- 180005 Debian Security Update for openexr (CVE-2021-3476)
- 181315 Debian Security Update for openexr (DLA 3236-1)
- 198318 Ubuntu Security Notification for Openexr Vulnerabilities (USN-4900-1)
- 502133 Alpine Linux Security Update for openexr
- 671586 EulerOS Security Update for OpenEXR (EulerOS-SA-2022-1544)
- 671654 EulerOS Security Update for OpenEXR (EulerOS-SA-2022-1750)
- 672178 EulerOS Security Update for openexr (EulerOS-SA-2022-2475)
- 690438 Free Berkeley Software Distribution (FreeBSD) Security Update for openexr, ilmbase (98044aba-6d72-11eb-aed7-1b1b8a70cc8b)
- 710048 Gentoo Linux OpenEXR Multiple Vulnerabilities (GLSA 202107-27)
- 750275 OpenSUSE Security Update for openexr (openSUSE-SU-2021:0536-1)
- 750987 SUSE Enterprise Linux Security Update for openexr (SUSE-SU-2021:2793-1)
- 751018 OpenSUSE Security Update for openexr (openSUSE-SU-2021:2793-1)
- 751042 OpenSUSE Security Update for openexr (openSUSE-SU-2021:1198-1)
- 751072 SUSE Enterprise Linux Security Update for openexr (SUSE-SU-2021:2913-1)
