DEBIAN-CVE-2021-20298

DEBIAN-CVE-2021-20298 PUBLISHED CVSS 7.5 HIGH

A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:13	openexr	0, 0, 0
Debian:12	openexr	0, 0, 0
Debian:11	openexr	0, 0, 0
Debian:14	openexr	0, 0, 0

Timeline

Aug 23, 2022 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2021-20298 advisory

Open in Interactive Console →