CVE-2021-20296

Name
CVE-2021-20296
Description
A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1939141
Issue Tracking https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:* openexr >= None < 2.5.4
cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:* openexr >= 2.5.0 < 2.5.4
cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:* openexr >= None < 2.4.3

Vulnerable and fixed packages

Source package Branch Version Maintainer Status