Bugzilla – Bug 1192556
VUL-0: CVE-2021-3941: openexr,OpenEXR: Divide-by-zero in Imf_3_1:RGBtoXYZ
Last modified: 2021-12-06 17:22:42 UTC
rh#2019789
A vulnerability was found in openexr where a Divide-by-zero was found in Imf_3_1::RGBtoXYZ.
References:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39084
https://bugzilla.redhat.com/show_bug.cgi?id=2019789
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3941
Affected codestreams:
- SUSE:SLE-11:Update/OpenEXR
- SUSE:SLE-12:Update/openexr
- SUSE:SLE-15:Update/openexr
Also affected on openSUSE:
- openSUSE:Factory/openexr
Upstream PR: https://github.com/AcademySoftwareFoundation/openexr/pull/1153
Submitted for 15,12/openexr and 11/OpenEXR.
SUSE-SU-2021:14846-1: An update that fixes 5 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1188457,1188458,1188460,1188461,1192556
CVE References: CVE-2021-20298,CVE-2021-20300,CVE-2021-20303,CVE-2021-20304,CVE-2021-3941
JIRA References:
Sources used:
  SUSE Linux Enterprise Server 11-SP4-LTSS (src): OpenEXR-1.6.1-83.17.30.1
  SUSE Linux Enterprise Point of Sale 11-SP3 (src): OpenEXR-1.6.1-83.17.30.1
  SUSE Linux Enterprise Debuginfo 11-SP4 (src): OpenEXR-1.6.1-83.17.30.1
  SUSE Linux Enterprise Debuginfo 11-SP3 (src): OpenEXR-1.6.1-83.17.30.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3843-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 1184353,1192498,1192556
CVE References: CVE-2021-3477,CVE-2021-3933,CVE-2021-3941
JIRA References:
Sources used:
  SUSE Linux Enterprise Workstation Extension 12-SP5 (src): openexr-2.1.0-6.42.1
  SUSE Linux Enterprise Software Development Kit 12-SP5 (src): openexr-2.1.0-6.42.1
  SUSE Linux Enterprise Server 12-SP5 (src): openexr-2.1.0-6.42.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:3844-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 1192498,1192556
CVE References: CVE-2021-3933,CVE-2021-3941
JIRA References:
Sources used:
  openSUSE Leap 15.3 (src): openexr-2.2.1-3.38.1
SUSE-SU-2021:3844-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 1192498,1192556
CVE References: CVE-2021-3933,CVE-2021-3941
JIRA References:
Sources used:
  SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src): openexr-2.2.1-3.38.1
  SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src): openexr-2.2.1-3.38.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:1537-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 1192498,1192556
CVE References: CVE-2021-3933,CVE-2021-3941
JIRA References:
Sources used:
  openSUSE Leap 15.2 (src): openexr-2.2.1-lp152.7.23.1