CVE-2021-46389

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-46389
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-46389.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-46389
Published
2022-02-07T14:15:07Z
Modified
2025-09-19T13:29:17.529026Z
Severity
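  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (network-reachable, low attack complexity, no privileges or user interaction required; the impact is to availability only, with no confidentiality or integrity impact)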
Summary
[none]
Details

IIPImage High Resolution Streaming Image Server prior to commit 882925b295a80ec992063deffc2a3b0d803c3195 is affected by an integer overflow in iipsrv.fcgi through malformed HTTP query parameters.

References

Affected packages

Git / github.com/ruven/iipsrv

Affected ranges

Type
GIT
Repo
https://github.com/ruven/iipsrv
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

iipsrv-0.*

iipsrv-0.9.8
iipsrv-0.9.9

iipsrv-1.*

iipsrv-1.0
iipsrv-1.1

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2021-46389-00af6c74",
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "49081635786734615372207630181138578192",
                    "6588958625276411765230449641276649355",
                    "17410745346758107376938645928070675596",
                    "42909826789947304998859546550460984998",
                    "32119520324992019959218325995025856939",
                    "203894769098030543647385977957292331029",
                    "263865054473699695989803351677788289421",
                    "316193701779264528059953942187349290997",
                    "47343072808777006965664048193589891735",
                    "193968144182304520396527356506303563821",
                    "292710459902706867374608898593691104556",
                    "25442537592959120675630335248222264266",
                    "295884226501419955875667235427319317682",
                    "50852181632521686874393814242120096841",
                    "267928578479262828581188667222027845807",
                    "110470469929516516835802047888855897429",
                    "85773203882437941611248713966048763964",
                    "314567132186233723601997405892217995282",
                    "152040664738292743344543016668005375679",
                    "296075968113942055662559067643882127083",
                    "233730925802903029460988579114597411359",
                    "129825096885286992265507472947887679665",
                    "116872494387100171113234844630680207629",
                    "135329647392668629154521153238149901016",
                    "79391846206378839020243183507809049280"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "src/JTL.cc"
            },
            "source": "https://github.com/ruven/iipsrv/commit/4ed59265fbbd636dc2fbbf325f8ea37ed300a6d9",
            "signature_version": "v1",
            "deprecated": false
        },
        {
            "id": "CVE-2021-46389-033ec7ec",
            "signature_type": "Function",
            "digest": {
                "function_hash": "186077026274704907936064986488401521243",
                "length": 11767.0
            },
            "target": {
                "file": "src/JTL.cc",
                "function": "JTL::send"
            },
            "source": "https://github.com/ruven/iipsrv/commit/4ed59265fbbd636dc2fbbf325f8ea37ed300a6d9",
            "signature_version": "v1",
            "deprecated": false
        },
        {
            "id": "CVE-2021-46389-24f74b7b",
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "102164111037778064995685154847595251279",
                    "332236392168746308203832572828463789510",
                    "292704471606432058301692399682807723303",
                    "178839102629743066322311875161691927975"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "src/RawTile.h"
            },
            "source": "https://github.com/ruven/iipsrv/commit/882925b295a80ec992063deffc2a3b0d803c3195",
            "signature_version": "v1",
            "deprecated": false
        },
        {
            "id": "CVE-2021-46389-2be1419b",
            "signature_type": "Function",
            "digest": {
                "function_hash": "83900875094825703628272388333051650130",
                "length": 954.0
            },
            "target": {
                "file": "src/OpenJPEGImage.cc",
                "function": "OpenJPEGImage::getRegion"
            },
            "source": "https://github.com/ruven/iipsrv/commit/882925b295a80ec992063deffc2a3b0d803c3195",
            "signature_version": "v1",
            "deprecated": false
        },
        {
            "id": "CVE-2021-46389-3c2cc7bc",
            "signature_type": "Function",
            "digest": {
                "function_hash": "305952215871640243418368825870933897316",
                "length": 4958.0
            },
            "target": {
                "file": "src/TileManager.cc",
                "function": "TileManager::getRegion"
            },
            "source": "https://github.com/ruven/iipsrv/commit/882925b295a80ec992063deffc2a3b0d803c3195",
            "signature_version": "v1",
            "deprecated": false
        },
        {
            "id": "CVE-2021-46389-40b0dab8",
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "338310129470811516572841561876203643432",
                    "278447221315998492737967366237381703532",
                    "192784104165575784403546630809999513453",
                    "203567808557507191499774501507680616479",
                    "190724194906937707076733195795163059721",
                    "27647015492974080515593162091550725228",
                    "171738991932306377709033984383326568668",
                    "30887287326845903487651802049253842459",
                    "181277981036196807109479888290507064023",
                    "219990835193833992972023302020552341279",
                    "293372123410905180467097610157842401464",
                    "305467442054809097079393448257255167265",
                    "286755413826498835215615619093218351260",
                    "161232455643855582844318603226856080353",
                    "301398429578117576554059667129990277299",
                    "117518251490803569929971567675355722805",
                    "129707668550990528696788190290347348902",
                    "226313709145028650451276708560132080105"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "src/SPECTRA.cc"
            },
            "source": "https://github.com/ruven/iipsrv/commit/4ed59265fbbd636dc2fbbf325f8ea37ed300a6d9",
            "signature_version": "v1",
            "deprecated": false
        },
        {
            "id": "CVE-2021-46389-58134d44",
            "signature_type": "Function",
            "digest": {
                "function_hash": "336502891390810649993937664529641737487",
                "length": 1254.0
            },
            "target": {
                "file": "src/Transforms.cc",
                "function": "Transform::interpolate_nearestneighbour"
            },
            "source": "https://github.com/ruven/iipsrv/commit/882925b295a80ec992063deffc2a3b0d803c3195",
            "signature_version": "v1",
            "deprecated": false
        },
        {
            "id": "CVE-2021-46389-69c07591",
            "signature_type": "Function",
            "digest": {
                "function_hash": "179036242402480341529358016078667048928",
                "length": 3908.0
            },
            "target": {
                "file": "src/SPECTRA.cc",
                "function": "SPECTRA::run"
            },
            "source": "https://github.com/ruven/iipsrv/commit/4ed59265fbbd636dc2fbbf325f8ea37ed300a6d9",
            "signature_version": "v1",
            "deprecated": false
        },
        {
            "id": "CVE-2021-46389-825a26c1",
            "signature_type": "Function",
            "digest": {
                "function_hash": "140150141027094911581666724538562899886",
                "length": 948.0
            },
            "target": {
                "file": "src/KakaduImage.cc",
                "function": "KakaduImage::getRegion"
            },
            "source": "https://github.com/ruven/iipsrv/commit/882925b295a80ec992063deffc2a3b0d803c3195",
            "signature_version": "v1",
            "deprecated": false
        },
        {
            "id": "CVE-2021-46389-931a732b",
            "signature_type": "Function",
            "digest": {
                "function_hash": "205127902846115136021759592472668096091",
                "length": 966.0
            },
            "target": {
                "file": "src/TileManager.cc",
                "function": "TileManager::crop"
            },
            "source": "https://github.com/ruven/iipsrv/commit/882925b295a80ec992063deffc2a3b0d803c3195",
            "signature_version": "v1",
            "deprecated": false
        },
        {
            "id": "CVE-2021-46389-946368f2",
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "339875899202272737138931836200320731609",
                    "308522275067191617160341553386129506898",
                    "122617599169968680230886663542868370743",
                    "266440435000063685576912278918886617398",
                    "248855837373048596691482207605929382187",
                    "308522275067191617160341553386129506898",
                    "122617599169968680230886663542868370743",
                    "332758577473474589297034680850790430677"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "src/Transforms.cc"
            },
            "source": "https://github.com/ruven/iipsrv/commit/882925b295a80ec992063deffc2a3b0d803c3195",
            "signature_version": "v1",
            "deprecated": false
        },
        {
            "id": "CVE-2021-46389-a0724f89",
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "172139988838157693131674878672417138133",
                    "219206243776171167537952438727427604242",
                    "160141502712349341020741845279301610422",
                    "193376766049841036799393014665270849488",
                    "153005524618959239503519492224260601299",
                    "203913751906945447894448487983897909463",
                    "145039770279780111414188268442527578657"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "src/KakaduImage.cc"
            },
            "source": "https://github.com/ruven/iipsrv/commit/882925b295a80ec992063deffc2a3b0d803c3195",
            "signature_version": "v1",
            "deprecated": false
        },
        {
            "id": "CVE-2021-46389-a7e82e0d",
            "signature_type": "Function",
            "digest": {
                "function_hash": "132477045809724819738898161758173236714",
                "length": 1998.0
            },
            "target": {
                "file": "src/Transforms.cc",
                "function": "Transform::interpolate_bilinear"
            },
            "source": "https://github.com/ruven/iipsrv/commit/882925b295a80ec992063deffc2a3b0d803c3195",
            "signature_version": "v1",
            "deprecated": false
        },
        {
            "id": "CVE-2021-46389-af8093a0",
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "311099056278709379324135873999859124325",
                    "46988397371136133179930559766784304261",
                    "252386768343249249105030650774615092700",
                    "30909941533050855462716928713091460429",
                    "251450953503588965003637017808823224043",
                    "335778523914029622682450496225008352117",
                    "147175082327597427383347688430499272135",
                    "51757074193411652851985426150678935871",
                    "55291705804327629588687076882769982003",
                    "59729168070261373700202201000361409318",
                    "224887774155073677719192572333566625666",
                    "70032835139564682622566162803773228519",
                    "90246307166213938595042233295573836204",
                    "194673606936737164730591626792073401664",
                    "233233365034773828364730219602639923414",
                    "192496845956257061853907247713532059780",
                    "79856134710541503588856908740248918543",
                    "330375425181035439053049855245331704792"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "src/TileManager.cc"
            },
            "source": "https://github.com/ruven/iipsrv/commit/882925b295a80ec992063deffc2a3b0d803c3195",
            "signature_version": "v1",
            "deprecated": false
        },
        {
            "id": "CVE-2021-46389-d3c4191e",
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "70510800996650429787018647660929056496",
                    "96643211942793132546013200233444032869",
                    "102196328465780818408576418514335425117",
                    "209828596021340883209425747844654174456",
                    "112705705694755437384949568613086741301",
                    "234805782120475292423779887212237647993",
                    "145039770279780111414188268442527578657"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "src/OpenJPEGImage.cc"
            },
            "source": "https://github.com/ruven/iipsrv/commit/882925b295a80ec992063deffc2a3b0d803c3195",
            "signature_version": "v1",
            "deprecated": false
        }
    ]
}