CVE-2021-3941

Опубликовано: 25 мар. 2022

Источник: ubuntu

Приоритет: low

CVSS2: 2.1

CVSS3: 6.5

Описание

In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y; and chroma.green.y * (X + Z))) / d; but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.

Релиз	Статус	Примечание
bionic	released	2.2.0-11.1ubuntu1.9
devel	not-affected	3.1.5-4
esm-apps/focal	released	2.3.0-6ubuntu0.5+esm1
esm-apps/jammy	released	2.5.7-1ubuntu0.1~esm1
esm-apps/noble	not-affected	3.1.5-4
esm-infra/bionic	released	2.2.0-11.1ubuntu1.9
esm-infra/xenial	released	2.2.0-10ubuntu2.6+esm3
focal	ignored	end of standard support, was needed
hirsute	ignored	end of life
impish	ignored	end of life

Показывать по

Ссылки на источники

2.1 Low

CVSS2

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2021-3941

CVSS3: 4

redhat

больше 4 лет назад

In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.

CVE-2021-3941

CVSS3: 6.5

nvd

почти 4 года назад

CVE-2021-3941

CVSS3: 6.5

debian

почти 4 года назад

In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division o ...

GHSA-rpq9-h75r-mccg

CVSS3: 6.5

github

почти 4 года назад

BDU:2023-01674

CVSS3: 6.5

fstec

больше 4 лет назад

Уязвимость компонента ImfChromaticities.cpp функции RGBtoXYZ() изображений с широкими динамическими диапазоном яркости OpenEXR, позволяющая нарушителю вызвать отказ в обслуживании

2.1 Low

CVSS2

6.5 Medium

CVSS3

CVE-2021-3941

Описание

Пакет openexr

Ссылки на источники

Связанные уязвимости