CVE-2021-45942

Published: Dec 31, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openexr/OSV-2021-1627.yaml

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416

https://github.com/AcademySoftwareFoundation/openexr/commit/db217f29dfb24f6b4b5100c24ac5e7490e1c57d0

https://github.com/AcademySoftwareFoundation/openexr/pull/1209

https://github.com/AcademySoftwareFoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e

https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.1.4

https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.4/CHANGES.md#version-314-january-26-2022

FEDORA-2022-89c31c0a0c

vendor-advisory

FEDORA-2022-b0a85ed1b3

vendor-advisory

FEDORA-2022-f2e0d16c90

vendor-advisory

GLSA-202210-31

vendor-advisory

DSA-5299

vendor-advisory

[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-45942

Description

Affected Products

References