Ubuntu.comUB:CVE-2021-3941CVE-2021-3941
6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
13.5%
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division
operations such as float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y; and chroma.green.y * (X + Z))) / d; but the divisor is
not checked for a 0 value. A specially crafted file could trigger a
divide-by-zero condition which could affect the availability of programs
linked with OpenEXR.
Bugs
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | openexr | < 2.2.0-11.1ubuntu1.9 | UNKNOWN |
| ubuntu | 20.04 | noarch | openexr | < 2.3.0-6ubuntu0.5+esm1 | UNKNOWN |
| ubuntu | 22.04 | noarch | openexr | < 2.5.7-1ubuntu0.1~esm1 | UNKNOWN |
| ubuntu | 16.04 | noarch | openexr | < 2.2.0-10ubuntu2.6+esm3) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
References
Related
6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
13.5%