CVE-2021-3941

Published: 21 Sep 2021
Source: redhat
CVSS3: 4
EPSS: Low

Description

In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.

Report

This flaw is out of support scope for OpenEXR as shipped in Red Hat Enterprise Linux 6 and 7. Please see https://access.redhat.com/support/policy/updates/errata/ for more information on support scopes.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | OpenEXR | Out of support scope | | |
| Red Hat Enterprise Linux 7 | OpenEXR | Out of support scope | | |
| Red Hat Enterprise Linux 8 | mingw-OpenEXR | Fix deferred | | |
| Red Hat Enterprise Linux 8 | OpenEXR | Fix deferred | | |

Additional information

Status: Low
Defect: CWE-369
https://bugzilla.redhat.com/show_bug.cgi?id=2019789 openexr: Divide-by-zero in Imf_3_1::RGBtoXYZ

EPSS: 0.00127 (Low), percentile: 32%

CVSS3: 4 Medium

Related vulnerabilities

CVSS3: 6.5
ubuntu
almost 4 years ago

In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.

CVSS3: 6.5
nvd
almost 4 years ago

In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.

CVSS3: 6.5
debian
almost 4 years ago

In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division o ...

CVSS3: 6.5
github
almost 4 years ago

In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.

CVSS3: 6.5
fstec
more than 4 years ago

Vulnerability in the RGBtoXYZ() function of the ImfChromaticities.cpp component of the OpenEXR high-dynamic-range image format, allowing an attacker to cause a denial of service
