CVE-2021-3605

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-3605
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3605.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-3605
Downstream
Related
Published
2021-08-25T19:15:14.757Z
Modified
2026-04-02T07:04:46.021371Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

References

Affected packages

Git / github.com/openexr/openexr

Affected ranges

Type
GIT
Repo
https://github.com/openexr/openexr
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
44d2d0eaf289f54d4f86f45f4b6b68fac2d15f0e
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.0.5"
        }
    ]
}

Affected versions

Other
D_EXR_1_0
ILMBASE_1_0_2
OPENEXR_1_0_4
OPENEXR_1_0_7
OPENEXR_1_1_0
OPENEXR_1_1_1
OPENEXR_1_2_1
OPENEXR_1_2_2
OPENEXR_1_3_0
OPENEXR_1_3_1
OPENEXR_1_3_2
OPENEXR_1_4_0
OPENEXR_1_4_0a
OPENEXR_1_7_0
OPENEXR_VIEWERS_1_0_2
PHOTOSHOP_1_0
start
v1.*
v1.7.1
v2.*
v2.0.0
v2.0.0.GM
v2.0.0.beta.1
v2.0.0.beta.2
v2.0.1
v2.1.0
v2.2.0
v2.2.1
v2.2.2
v2.3.0
v2.4.0
v2.4.0-beta.1
v2.4.1
v2.4.2
v2.4.3
v2.5.0
v2.5.1
v2.5.10
v2.5.10-rc
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.5.6
v2.5.7
v2.5.7-rc1
v2.5.8
v2.5.8-rc
v2.5.9
v3.*
v3.0.0-beta
v3.0.1
v3.0.1-beta
v3.0.2
v3.0.3
v3.0.4
v3.0.4-rc1
v3.0.5-rc1
v3.1.0
v3.1.0-rc1
v3.1.1
v3.1.1-rc
v3.1.10
v3.1.10-rc
v3.1.11
v3.1.11-rc
v3.1.12
v3.1.12-rc
v3.1.12-rc2
v3.1.12-rc3
v3.1.12-rc4
v3.1.13
v3.1.13-rc
v3.1.2
v3.1.2-rc
v3.1.2-rc2
v3.1.3
v3.1.3-rc
v3.1.4
v3.1.4-rc
v3.1.5
v3.1.5-rc
v3.1.6
v3.1.6-rc
v3.1.7
v3.1.7-rc
v3.1.8
v3.1.8-rc
v3.1.8-rc2
v3.1.8-rc3
v3.1.8-rc4
v3.1.8-rc5
v3.1.9
v3.1.9-rc
v3.1.9-rc2
v3.1.9-rc3
v3.2.0
v3.2.0-rc
v3.2.0-rc2
v3.2.0-rc3
v3.2.0-rc4
v3.2.1
v3.2.1-rc
v3.2.2
v3.2.2-rc
v3.2.2-rc2
v3.2.3
v3.2.3-rc
v3.2.3-rc2
v3.2.4
v3.2.4-rc
v3.2.4-rc2
v3.2.5
v3.2.5-rc
v3.2.6
v3.2.6-rc
v3.3.0
v3.3.0-rc
v3.3.0-rc1
v3.3.0-rc2
v3.3.1
v3.3.1-rc
v3.3.2
v3.3.2-rc
v3.3.2-rc2
v3.3.2-rc3
v3.3.2-rc4
v3.3.3
v3.3.3-rc
v3.3.3-rc1
v3.3.4
v3.3.4-rc
v3.3.5
v3.3.5-rc
v3.3.5-rc2
v3.3.5-rc3
v3.3.6
v3.3.6-rc
v3.3.6-rc2
v3.3.6-rc3
v3.3.6-rc4
v3.3.7
v3.3.7-rc
v3.3.7-rc2
v3.3.7-rc3
v3.3.7-rc4
v3.3.8
v3.3.8-rc
v3.4-alpha
v3.4.0
v3.4.0-rc
v3.4.0-rc2
v3.4.1
v3.4.1-rc
v3.4.1-rc2
v3.4.2
v3.4.2-rc
v3.4.2-rc2
v3.4.3
v3.4.3-rc
v3.4.3-rc2
v3.4.3-rc3
v3.4.4
v3.4.4-rc
v3.4.4-rc2
v3.4.5
v3.4.5-rc
v3.4.6
v3.4.6-rc
v3.4.7
v3.4.7-rc
v3.4.8
v3.4.8-rc
v3.4.9-rc

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3605.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.0"
            }
        ]
    }
]