CVE-2021-3941

Public on 2022-03-25

Modified on 2023-01-18

Description

In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.

Severity

Low

See what this means

CVSS v3 Base Score

4.0

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 2023	openexr	2023-02-17 20:43	ALAS2023-2023-022

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	4.0	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
NVD	CVSSv2	2.1	AV:L/AC:L/Au:N/C:N/I:N/A:P
NVD	CVSSv3	6.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

References

Red Hat: CVE-2021-3941 Mitre: CVE-2021-3941 FAQs regarding Amazon Linux ALAS/CVE Severity