Home > Vulnerability Database > CVE-2021-20298

Mend.io Vulnerability Database

CVE-2021-20298

Date: August 22, 2022

A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.

Severity Score

7.5

Related Resources (10)

Url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25913

Url: https://github.com/AcademySoftwareFoundation/openexr/commit/85fd638ae0d5fa132434f4cbf32590261c1dba97

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1939156

Url: https://security-tracker.debian.org/tracker/CVE-2021-20298

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-20298

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-20298

Url: https://access.redhat.com/security/cve/CVE-2021-20298

Url: https://github.com/AcademySoftwareFoundation/openexr/pull/843

Url: https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html

Url: https://www.mend.io/vulnerability-database/CVE-2021-20298

Severity Score

7.5

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2021-20298

Date: August 22, 2022

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?