{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-25T19:33:59.793","vulnerabilities":[{"cve":{"id":"CVE-2021-20296","sourceIdentifier":"secalert@redhat.com","published":"2021-04-01T14:15:13.310","lastModified":"2026-06-17T03:33:37.577","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability."},{"lang":"es","value":"Se encontró un fallo en OpenEXR en versiones anteriores a 3.0.0-beta. Un archivo de entrada diseñado proporcionado por un atacante, que es procesado por la funcionalidad de decompresión Dwa de la biblioteca IlmImf de OpenEXR, podría causar una desreferencia del puntero NULL. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"n/a","product":"OpenEXR","versions":[{"version":"OpenEXR 3.0.0-beta","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.3","matchCriteriaId":"12541242-6F4A-457C-B0D3-B97C75F79627"},{"vulnerable":true,"criteria":"cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*","versionStartIncluding":"2.5.0","versionEndExcluding":"2.5.4","matchCriteriaId":"3540D6CF-36A9-4FE9-9D0D-C3263DE61E62"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]}],"references":[{"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854","source":"secalert@redhat.com","tags":["Issue Tracking","Mailing List","Patch","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939141","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202107-27","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mailing List","Patch","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939141","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202107-27","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}