QwikSec

Security Database

CVE

CWE

Training

CVE-2021-3941

Published: Mar 25, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.

Vendor	Product	Versions
n/a	openexr	affected `OpenEXR 3.1.2`

Weaknesses (CWE)

References

https://bugzilla.redhat.com/show_bug.cgi?id=2019789

FEDORA-2022-18e14f460c

vendor-advisory

vendor-advisory

vendor-advisory

[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.