{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T14:04:44.104","vulnerabilities":[{"cve":{"id":"CVE-2021-20302","sourceIdentifier":"secalert@redhat.com","published":"2022-03-04T18:15:07.937","lastModified":"2024-11-21T05:46:18.903","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability."},{"lang":"es","value":"Se ha encontrado un fallo en la funcionalidad TiledInputFile de OpenEXR. Este fallo permite a un atacante que pueda enviar una imagen no diseñada de una sola parte para que sea procesada por OpenEXR, para desencadenar un error de excepción de punto flotante. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:C","baseScore":7.1,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.4","matchCriteriaId":"9A41E435-16D4-4706-B45A-0AB56664C6EF"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]}],"references":[{"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25894","source":"secalert@redhat.com","tags":["Patch","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939161","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/AcademySoftwareFoundation/openexr/pull/842","source":"secalert@redhat.com","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25894","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939161","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/AcademySoftwareFoundation/openexr/pull/842","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}