Home > Vulnerability Database > CVE-2021-20304

Mend.io Vulnerability Database

CVE-2021-20304

Good to know:

Date: August 22, 2022

A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability.

Severity Score

7.5

Related Resources (10)

Url: https://access.redhat.com/security/cve/CVE-2021-20304

Url: https://github.com/AcademySoftwareFoundation/openexr/pull/849

Url: https://github.com/AcademySoftwareFoundation/openexr/commit/51a92d67f53c08230734e74564c807043cbfe41e

Url: https://security.gentoo.org/glsa/202210-31

Url: https://security-tracker.debian.org/tracker/CVE-2021-20304

Url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26229

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1939157

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-20304

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-20304

Url: https://www.mend.io/vulnerability-database/CVE-2021-20304

Severity Score

7.5

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

Top Fix

Upgrade Version

Upgrade to version openexr - 3.1.4

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2021-20304

Good to know:

Date: August 22, 2022

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?