{"id":"CVE-2021-20298","details":"A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.","modified":"2026-04-11T23:33:50.972110Z","published":"2022-08-23T16:15:09.020Z","related":["SUSE-SU-2021:14846-1","SUSE-SU-2021:2793-1","SUSE-SU-2021:2913-1","openSUSE-SU-2021:1198-1","openSUSE-SU-2021:2793-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2021-20298"},{"type":"ADVISORY","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25913"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939156"},{"type":"FIX","url":"https://github.com/AcademySoftwareFoundation/openexr/commit/85fd638ae0d5fa132434f4cbf32590261c1dba97"},{"type":"FIX","url":"https://github.com/AcademySoftwareFoundation/openexr/pull/843"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/academysoftwarefoundation/openexr","events":[{"introduced":"0"},{"fixed":"85fd638ae0d5fa132434f4cbf32590261c1dba97"}]},{"type":"GIT","repo":"https://github.com/openexr/openexr","events":[{"introduced":"0"},{"last_affected":"8bc3741131db146ad08a5b83af9e6e48f0e94a03"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.5.7"}]}}],"versions":["OPENEXR_1_0_4","v1.7.1","v2.0.0","v2.0.0.GM","v2.0.1","v2.1.0","v2.3.0","v2.4.0","v2.4.0-beta.1","v2.5.0","v2.5.1","v2.5.2","v2.5.3","v2.5.4","v2.5.5","v2.5.6","v2.5.7","v2.5.7-rc1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"vanir_signatures_modified":"2026-04-11T23:33:50Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20298.json","vanir_signatures":[{"id":"CVE-2021-20298-7d322475","deprecated":false,"source":"https://github.com/academysoftwarefoundation/openexr/commit/85fd638ae0d5fa132434f4cbf32590261c1dba97","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["337182622941885860691948893909499588135","323662791025237067706865570695215691721","262227886135352975191095936665666742560","102441096919337918920502902234704070284"]},"target":{"file":"OpenEXR/IlmImf/ImfB44Compressor.cpp"},"signature_type":"Line"},{"id":"CVE-2021-20298-a5a84c0a","deprecated":false,"source":"https://github.com/academysoftwarefoundation/openexr/commit/85fd638ae0d5fa132434f4cbf32590261c1dba97","signature_version":"v1","digest":{"function_hash":"73840588326705174605545363839552404531","length":1483},"target":{"function":"B44Compressor::B44Compressor","file":"OpenEXR/IlmImf/ImfB44Compressor.cpp"},"signature_type":"Function"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}