Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2021-3477

Date: March 30, 2021

There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability. After conducting further research, Mend has determined that all versions of OpenEXR up to version v2.5.4 are vulnerable to CVE-2021-3477.

Language: C

Severity Score

Related Resources (11)

https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3477
https://security.alpinelinux.org/vuln/CVE-2021-3477
https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html
https://security.gentoo.org/glsa/202107-27
https://access.redhat.com/security/cve/CVE-2021-3477
https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26956
https://nvd.nist.gov/vuln/detail/CVE-2021-3477
https://bugzilla.redhat.com/show_bug.cgi?id=1939159
https://security-tracker.debian.org/tracker/CVE-2021-3477
https://www.mend.io/vulnerability-database/CVE-2021-3477

Severity Score

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

Out-of-bounds Read

CWE-125

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us