CVE-2021-3605
5.5 MEDIUMThere's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5
Published: 2021-08-25 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 5.5 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
- CWE
- CWE-119, CWE-125
Affected products
| Vendor | Product |
|---|---|
| debian | debian_linux, enterprise_linux, openexr |
| openexr | debian_linux, enterprise_linux, openexr |
| redhat | debian_linux, enterprise_linux, openexr |
Description
There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-3605
- [Patch]https://bugzilla.redhat.com/show_bug.cgi?id=1970991
- [Other]https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html
- [Other]https://security.gentoo.org/glsa/202210-31
- [Other]https://www.debian.org/security/2022/dsa-5299
- [Patch]https://bugzilla.redhat.com/show_bug.cgi?id=1970991
- [Other]https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html
- [Other]https://security.gentoo.org/glsa/202210-31
- [Other]https://www.debian.org/security/2022/dsa-5299
Related CVEs
Same vendor
- CVE-2026-1767 — A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component (5.6 MEDIUM)
- CVE-2026-1766 — A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 com... (5.6 MEDIUM)
- CVE-2026-11793 — A stack buffer overflow flaw was found in 389 Directory Server (4.9 MEDIUM)
- CVE-2026-11790 — A flaw was found in 389 Directory Server (4.9 MEDIUM)
- CVE-2026-11789 — A flaw was found in 389 Directory Server (4.9 MEDIUM)
Same CWE
- CVE-2026-4367 — A flaw was found in libXpm (5.5 MEDIUM)
- CVE-2026-47963 — DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive me... (5.5 MEDIUM)
- CVE-2026-47934 — DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive me... (5.5 MEDIUM)
- CVE-2026-47927 — DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive me... (5.5 MEDIUM)
- CVE-2026-47748 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (5.5 MEDIUM)