CVE-2021-20304

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-20304
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20304.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-20304
Downstream
Related
Published
2022-08-23T16:15:09Z
Modified
2025-10-14T17:58:33.664013Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability.

References

Affected packages

Git / github.com/academysoftwarefoundation/openexr

Affected ranges

Type
GIT
Repo
https://github.com/academysoftwarefoundation/openexr
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
51a92d67f53c08230734e74564c807043cbfe41e
Type
GIT
Repo
https://github.com/openexr/openexr
Events
Introduced
0 Unknown introduced commit / All previous commits are affected

Affected versions

Other

OPENEXR_1_0_4

v1.*

v1.7.1

v2.*

v2.0.0
v2.0.0.GM
v2.0.0.beta.1
v2.0.0.beta.2
v2.0.1
v2.1.0
v2.2.0
v2.3.0
v2.4.0
v2.4.0-beta.1
v2.5.0

Database specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 2275.0,
                "function_hash": "142599679339278390775436878791618875818"
            },
            "source": "https://github.com/academysoftwarefoundation/openexr/commit/51a92d67f53c08230734e74564c807043cbfe41e",
            "signature_type": "Function",
            "target": {
                "function": "testHuf",
                "file": "OpenEXR/IlmImfTest/testHuf.cpp"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2021-20304-1679b5a0"
        },
        {
            "digest": {
                "line_hashes": [
                    "176619312443329297395995683934337352492",
                    "59153990626692811954531634974037640760",
                    "280545896845426792165423578461400660911",
                    "309647597067992837408997705700321225110",
                    "141598768638337190685828799387095221285",
                    "59153990626692811954531634974037640760",
                    "280545896845426792165423578461400660911",
                    "309647597067992837408997705700321225110"
                ],
                "threshold": 0.9
            },
            "source": "https://github.com/academysoftwarefoundation/openexr/commit/51a92d67f53c08230734e74564c807043cbfe41e",
            "signature_type": "Line",
            "target": {
                "file": "OpenEXR/IlmImf/ImfHuf.cpp"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2021-20304-6ed203c3"
        },
        {
            "digest": {
                "line_hashes": [
                    "228171475889809895756915103234311474723",
                    "211348541425446003625583645029424311982",
                    "222545151195002010839262331802745695684",
                    "123809418444615929039672465823495993606",
                    "306031592317467593999739769909832548872",
                    "193598449336170322423688275719092892213",
                    "220647300859224983045921492760598584090",
                    "309233654629791003679774693033524609444",
                    "176892776764325263697564536408034591675",
                    "302870813458771027071388532728739237970",
                    "65622425798390653163547072846514818453",
                    "324481768719202754334798637136831019229",
                    "74518275870084479626946575580973110792",
                    "25547727514522005730004821624133478644",
                    "192045751469172973298747441871730922438",
                    "169064724491124496309629145572533820457",
                    "70605626775562861260846711740508896634",
                    "336912429723870090733815642676619108296",
                    "264090073998771335898534733328542145183",
                    "33459033936443227971884969393598686629",
                    "157343517884968959420940233932383699525",
                    "217484807965665175555076214503207510777",
                    "212582678668068973043304443816156211788",
                    "146987967791660056920482051128956316123",
                    "28181326755556531652834973651246564785",
                    "15530598930675586033384845841442758547",
                    "73310869741949180931061619557243965044",
                    "49219954833732573551669314778185431154",
                    "16593618965901582378453485782345120607",
                    "16734837471453617396236581449079517855",
                    "259279471084525072680577058575438206187",
                    "339172337089939287073863202488435572964",
                    "162962803419591331999561202055992232360",
                    "160339307031519541974825522946510170088",
                    "248928860887032079536803703486856593194",
                    "95543963126749663113532997325630096147",
                    "262725096885756963894686980051447799753",
                    "123254625821067332210797903513762513825",
                    "215967715629149520871904108046953053179",
                    "259571171774974096463004149095353926018",
                    "17530655067539300605368381897296879015",
                    "204726315782173892977392348255435469678",
                    "121835337635973480034200840984423180024",
                    "90717070669660149296567427081734191442",
                    "306117669700701789329557307766814220802",
                    "61504472609169805676191128426594305503",
                    "231700399743187055041196899206247429277",
                    "122516485055760580003010398310676758913",
                    "292715507876607093012967690374352900416",
                    "294790973898164824799420648800640734466",
                    "48654327463988979693325979468071293396",
                    "117182805332597910880001768519839624159",
                    "210299331129128809525057974852222107539",
                    "133499141619372449062255351366039054991",
                    "328395463138226411156826626435888100621",
                    "324563290341814529990338541121290263692",
                    "94734063386315486169871614185358862762",
                    "9234868116249880552782520179074036286",
                    "80432001400659352278056457450787992504",
                    "245978996548651627931413661881799156804",
                    "140804272341884289952622574105365258196"
                ],
                "threshold": 0.9
            },
            "source": "https://github.com/academysoftwarefoundation/openexr/commit/51a92d67f53c08230734e74564c807043cbfe41e",
            "signature_type": "Line",
            "target": {
                "file": "OpenEXR/IlmImfTest/testHuf.cpp"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2021-20304-942f38ae"
        },
        {
            "digest": {
                "length": 1420.0,
                "function_hash": "138934839704051101487035138836379312673"
            },
            "source": "https://github.com/academysoftwarefoundation/openexr/commit/51a92d67f53c08230734e74564c807043cbfe41e",
            "signature_type": "Function",
            "target": {
                "function": "hufDecode",
                "file": "OpenEXR/IlmImf/ImfHuf.cpp"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2021-20304-f93effb1"
        }
    ]
}