CVE-2021-45942

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-45942
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-45942.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-45942
Downstream
Related
Published
2022-01-01T01:15:09Z
Modified
2025-10-14T18:56:11.549589Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf31::LineCompositeTask::execute (called from IlmThread31::NullThreadPoolProvider::addTask and IlmThread31::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.

References

Affected packages

Git / github.com/openexr/openexr

Affected ranges

Type
GIT
Repo
https://github.com/openexr/openexr
Events
Introduced
e9ae5e7c5fb9bdc295c7f47747521cfa59147da0
Fixed
e94d82b2165da4e2af167aa74630906202e3d43b
Type
GIT
Repo
https://github.com/academysoftwarefoundation/openexr
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
11cad77da87c4fa2aab7d58dd5339e254db7937e
Fixed
db217f29dfb24f6b4b5100c24ac5e7490e1c57d0
Fixed
e94d82b2165da4e2af167aa74630906202e3d43b

Affected versions

Other

OPENEXR_1_0_4

v1.*

v1.7.1

v2.*

v2.0.0
v2.0.0.GM
v2.0.0.beta.1
v2.0.0.beta.2
v2.0.1
v2.1.0
v2.2.0
v2.3.0
v2.4.0
v2.4.0-beta.1
v2.5.0

v3.*

v3.0.0-beta
v3.1.0
v3.1.0-rc1
v3.1.1
v3.1.1-rc
v3.1.2
v3.1.2-rc
v3.1.2-rc2
v3.1.3
v3.1.3-rc

Database specific 

{
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp"
            },
            "id": "CVE-2021-45942-23c168f3",
            "digest": {
                "line_hashes": [
                    "91325097609538975938839288582012065129",
                    "253262582701365962304054289157660516177",
                    "311902830990348950937288566678359618339",
                    "276586492905127154042036174912484144033",
                    "188831020824104559036523858955344443108",
                    "161704828430724978381240602373035083082",
                    "278371039388581491327703370562709045406",
                    "266711709169808084797339884642694441415",
                    "296893220345172727778302497048130209817",
                    "316457263467203110643778627538681938526",
                    "205303340487489424337040860361738762156"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://github.com/academysoftwarefoundation/openexr/commit/db217f29dfb24f6b4b5100c24ac5e7490e1c57d0"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp",
                "function": "readSampleCountForLineBlock"
            },
            "id": "CVE-2021-45942-5f0097db",
            "digest": {
                "length": 3393.0,
                "function_hash": "261060456331839676951654666103115895398"
            },
            "signature_version": "v1",
            "source": "https://github.com/academysoftwarefoundation/openexr/commit/db217f29dfb24f6b4b5100c24ac5e7490e1c57d0"
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp"
            },
            "id": "CVE-2021-45942-69e046d7",
            "digest": {
                "line_hashes": [
                    "316721967187106063181695801990944930618",
                    "94654718054767645311657229282167205772",
                    "112344748540393282297725007213985904054",
                    "71949429348040882983664868528521426691"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://github.com/academysoftwarefoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp",
                "function": "CompositeDeepScanLine::setFrameBuffer"
            },
            "id": "CVE-2021-45942-efaf5dcd",
            "digest": {
                "length": 761.0,
                "function_hash": "262584198376023626102395360950088918721"
            },
            "signature_version": "v1",
            "source": "https://github.com/academysoftwarefoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e"
        }
    ]
}