CVE-2021-45942
- Source
- https://cve.org/CVERecord?id=CVE-2021-45942
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-45942.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-45942
- Downstream
- Related
- Published
- 2022-01-01T01:15:09.043Z
- Modified
- 2026-04-16T00:00:47.310671164Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf31::LineCompositeTask::execute (called from IlmThread31::NullThreadPoolProvider::addTask and IlmThread31::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.
- Database specific
{ "unresolved_ranges": [ { "cpe": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "10.0" } ] }, { "cpe": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "11.0" } ] }, { "cpe": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "34" } ] }, { "cpe": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "35" } ] }, { "cpe": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "36" } ] } ] }- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6TEZDE2S2DB4BF4LZSSV4W3DNW7DSRHJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJ5PW4WNXBKCRFGDZGAQOSVH2BKZKL4X/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJUK7WIQV5EKWTCZBRXFN6INHG6MLS5O/
- https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.4/CHANGES.md#version-314-january-26-2022
- https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.1.4
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openexr/OSV-2021-1627.yaml
- https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html
- https://security.gentoo.org/glsa/202210-31
- https://www.debian.org/security/2022/dsa-5299
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416
- https://github.com/AcademySoftwareFoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e
- https://github.com/AcademySoftwareFoundation/openexr/commit/db217f29dfb24f6b4b5100c24ac5e7490e1c57d0
- https://github.com/AcademySoftwareFoundation/openexr/pull/1209
Affected packages
Git
github.com/AcademySoftwareFoundation/openexr
github.com/academysoftwarefoundation/openexr
Affected versions
Other
OPENEXR_1_0_4
v1.*
v1.7.1
v2.*
v2.0.0
v2.0.0.GM
v2.0.1
v2.1.0
v2.3.0
v2.4.0
v2.4.0-beta.1
v2.5.0
v3.*
v3.0.0-beta
v3.1.0
v3.1.0-rc1
v3.1.1
v3.1.1-rc
v3.1.2
v3.1.2-rc
v3.1.2-rc2
v3.1.3
v3.1.3-rc
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-45942.json"
vanir_signatures_modified
"2026-04-12T03:55:41Z"
vanir_signatures
[
{
"deprecated": false,
"signature_type": "Line",
"digest": {
"line_hashes": [
"91325097609538975938839288582012065129",
"253262582701365962304054289157660516177",
"311902830990348950937288566678359618339",
"276586492905127154042036174912484144033",
"188831020824104559036523858955344443108",
"161704828430724978381240602373035083082",
"278371039388581491327703370562709045406",
"266711709169808084797339884642694441415",
"296893220345172727778302497048130209817",
"316457263467203110643778627538681938526",
"205303340487489424337040860361738762156"
],
"threshold": 0.9
},
"target": {
"file": "src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp"
},
"source": "https://github.com/academysoftwarefoundation/openexr/commit/db217f29dfb24f6b4b5100c24ac5e7490e1c57d0",
"signature_version": "v1",
"id": "CVE-2021-45942-23c168f3"
},
{
"deprecated": false,
"signature_type": "Function",
"digest": {
"function_hash": "261060456331839676951654666103115895398",
"length": 3393.0
},
"target": {
"file": "src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp",
"function": "readSampleCountForLineBlock"
},
"source": "https://github.com/academysoftwarefoundation/openexr/commit/db217f29dfb24f6b4b5100c24ac5e7490e1c57d0",
"signature_version": "v1",
"id": "CVE-2021-45942-5f0097db"
},
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"316721967187106063181695801990944930618",
"94654718054767645311657229282167205772",
"112344748540393282297725007213985904054",
"71949429348040882983664868528521426691"
],
"threshold": 0.9
},
"target": {
"file": "src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp"
},
"source": "https://github.com/academysoftwarefoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e",
"signature_version": "v1",
"id": "CVE-2021-45942-69e046d7"
},
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "262584198376023626102395360950088918721",
"length": 761.0
},
"target": {
"file": "src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp",
"function": "CompositeDeepScanLine::setFrameBuffer"
},
"source": "https://github.com/academysoftwarefoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e",
"signature_version": "v1",
"id": "CVE-2021-45942-efaf5dcd"
}
]