CVE-2021-3933

Published: 9 November 2021

An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t is narrower than 64 bits. The overflow could produce invalid bytesPerLine and maxBytesPerLine values, which could lead to problems with application stability or to other attack paths.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
ilmbase
bionic Not vulnerable (code not present)
focal Needs triage
hirsute Ignored (reached end-of-life)
impish Needs triage
jammy Needs triage
trusty Ignored (out of standard support)
upstream Needs triage
xenial Not vulnerable (code not present)
openexr
bionic Released (2.2.0-11.1ubuntu1.8)
focal Needs triage
hirsute Ignored (reached end-of-life)
impish Needs triage
jammy Needs triage
trusty Ignored (out of standard support)
upstream Needs triage
xenial Released (2.2.0-10ubuntu2.6+esm2)
povray
bionic Needs triage
focal Needs triage
hirsute Ignored (reached end-of-life)
impish Needs triage
jammy Needs triage
trusty Ignored (out of standard support)
upstream Needs triage
xenial Ignored (out of standard support)