{"id":"CVE-2021-46389","details":"IIPImage High Resolution Streaming Image Server prior to commit 882925b295a80ec992063deffc2a3b0d803c3195 is affected by an integer overflow in iipsrv.fcgi through malformed HTTP query parameters.","modified":"2026-04-12T09:22:01.338728Z","published":"2022-02-07T14:15:07.727Z","references":[{"type":"FIX","url":"https://github.com/ruven/iipsrv/commit/882925b295a80ec992063deffc2a3b0d803c3195"},{"type":"FIX","url":"https://github.com/ruven/iipsrv/commit/4ed59265fbbd636dc2fbbf325f8ea37ed300a6d9"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ruven/iipsrv","events":[{"introduced":"0"},{"fixed":"4ed59265fbbd636dc2fbbf325f8ea37ed300a6d9"}]},{"type":"GIT","repo":"https://github.com/ruven/iipsrv","events":[{"introduced":"0"},{"fixed":"882925b295a80ec992063deffc2a3b0d803c3195"}]},{"type":"GIT","repo":"https://github.com/ruven/iipsrv","events":[{"introduced":"0"},{"fixed":"4ed59265fbbd636dc2fbbf325f8ea37ed300a6d9"}]},{"type":"GIT","repo":"https://github.com/ruven/iipsrv","events":[{"introduced":"0"},{"fixed":"882925b295a80ec992063deffc2a3b0d803c3195"}]}],"versions":["iipsrv-0.9.8","iipsrv-0.9.9","iipsrv-1.0","iipsrv-1.1"],"database_specific":{"vanir_signatures":[{"digest":{"line_hashes":["49081635786734615372207630181138578192","6588958625276411765230449641276649355","17410745346758107376938645928070675596","42909826789947304998859546550460984998","32119520324992019959218325995025856939","203894769098030543647385977957292331029","263865054473699695989803351677788289421","316193701779264528059953942187349290997","47343072808777006965664048193589891735","193968144182304520396527356506303563821","292710459902706867374608898593691104556","25442537592959120675630335248222264266","295884226501419955875667235427319317682","50852181632521686874393814242120096841","267928578479262828581188667222027845807","110470469929516516835802047888855897429","85773203882437941611248713966048763964","314567132186233723601997405892217995282","152040664738292743344543016668005375679","296075968113942055662559067643882127083","233730925802903029460988579114597411359","129825096885286992265507472947887679665","116872494387100171113234844630680207629","135329647392668629154521153238149901016","79391846206378839020243183507809049280"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/ruven/iipsrv/commit/4ed59265fbbd636dc2fbbf325f8ea37ed300a6d9","deprecated":false,"signature_type":"Line","target":{"file":"src/JTL.cc"},"id":"CVE-2021-46389-00af6c74"},{"digest":{"length":11767,"function_hash":"186077026274704907936064986488401521243"},"signature_version":"v1","source":"https://github.com/ruven/iipsrv/commit/4ed59265fbbd636dc2fbbf325f8ea37ed300a6d9","deprecated":false,"signature_type":"Function","target":{"function":"JTL::send","file":"src/JTL.cc"},"id":"CVE-2021-46389-033ec7ec"},{"digest":{"line_hashes":["102164111037778064995685154847595251279","332236392168746308203832572828463789510","292704471606432058301692399682807723303","178839102629743066322311875161691927975"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/ruven/iipsrv/commit/882925b295a80ec992063deffc2a3b0d803c3195","deprecated":false,"signature_type":"Line","target":{"file":"src/RawTile.h"},"id":"CVE-2021-46389-24f74b7b"},{"digest":{"length":954,"function_hash":"83900875094825703628272388333051650130"},"signature_version":"v1","source":"https://github.com/ruven/iipsrv/commit/882925b295a80ec992063deffc2a3b0d803c3195","deprecated":false,"signature_type":"Function","target":{"function":"OpenJPEGImage::getRegion","file":"src/OpenJPEGImage.cc"},"id":"CVE-2021-46389-2be1419b"},{"digest":{"length":4958,"function_hash":"305952215871640243418368825870933897316"},"signature_version":"v1","source":"https://github.com/ruven/iipsrv/commit/882925b295a80ec992063deffc2a3b0d803c3195","deprecated":false,"signature_type":"Function","target":{"function":"TileManager::getRegion","file":"src/TileManager.cc"},"id":"CVE-2021-46389-3c2cc7bc"},{"digest":{"line_hashes":["338310129470811516572841561876203643432","278447221315998492737967366237381703532","192784104165575784403546630809999513453","203567808557507191499774501507680616479","190724194906937707076733195795163059721","27647015492974080515593162091550725228","171738991932306377709033984383326568668","30887287326845903487651802049253842459","181277981036196807109479888290507064023","219990835193833992972023302020552341279","293372123410905180467097610157842401464","305467442054809097079393448257255167265","286755413826498835215615619093218351260","161232455643855582844318603226856080353","301398429578117576554059667129990277299","117518251490803569929971567675355722805","129707668550990528696788190290347348902","226313709145028650451276708560132080105"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/ruven/iipsrv/commit/4ed59265fbbd636dc2fbbf325f8ea37ed300a6d9","deprecated":false,"signature_type":"Line","target":{"file":"src/SPECTRA.cc"},"id":"CVE-2021-46389-40b0dab8"},{"digest":{"length":1254,"function_hash":"336502891390810649993937664529641737487"},"signature_version":"v1","source":"https://github.com/ruven/iipsrv/commit/882925b295a80ec992063deffc2a3b0d803c3195","deprecated":false,"signature_type":"Function","target":{"function":"Transform::interpolate_nearestneighbour","file":"src/Transforms.cc"},"id":"CVE-2021-46389-58134d44"},{"digest":{"length":3908,"function_hash":"179036242402480341529358016078667048928"},"signature_version":"v1","source":"https://github.com/ruven/iipsrv/commit/4ed59265fbbd636dc2fbbf325f8ea37ed300a6d9","deprecated":false,"signature_type":"Function","target":{"function":"SPECTRA::run","file":"src/SPECTRA.cc"},"id":"CVE-2021-46389-69c07591"},{"digest":{"length":948,"function_hash":"140150141027094911581666724538562899886"},"signature_version":"v1","source":"https://github.com/ruven/iipsrv/commit/882925b295a80ec992063deffc2a3b0d803c3195","deprecated":false,"signature_type":"Function","target":{"function":"KakaduImage::getRegion","file":"src/KakaduImage.cc"},"id":"CVE-2021-46389-825a26c1"},{"digest":{"length":966,"function_hash":"205127902846115136021759592472668096091"},"signature_version":"v1","source":"https://github.com/ruven/iipsrv/commit/882925b295a80ec992063deffc2a3b0d803c3195","deprecated":false,"signature_type":"Function","target":{"function":"TileManager::crop","file":"src/TileManager.cc"},"id":"CVE-2021-46389-931a732b"},{"digest":{"line_hashes":["339875899202272737138931836200320731609","308522275067191617160341553386129506898","122617599169968680230886663542868370743","266440435000063685576912278918886617398","248855837373048596691482207605929382187","308522275067191617160341553386129506898","122617599169968680230886663542868370743","332758577473474589297034680850790430677"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/ruven/iipsrv/commit/882925b295a80ec992063deffc2a3b0d803c3195","deprecated":false,"signature_type":"Line","target":{"file":"src/Transforms.cc"},"id":"CVE-2021-46389-946368f2"},{"digest":{"line_hashes":["172139988838157693131674878672417138133","219206243776171167537952438727427604242","160141502712349341020741845279301610422","193376766049841036799393014665270849488","153005524618959239503519492224260601299","203913751906945447894448487983897909463","145039770279780111414188268442527578657"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/ruven/iipsrv/commit/882925b295a80ec992063deffc2a3b0d803c3195","deprecated":false,"signature_type":"Line","target":{"file":"src/KakaduImage.cc"},"id":"CVE-2021-46389-a0724f89"},{"digest":{"length":1998,"function_hash":"132477045809724819738898161758173236714"},"signature_version":"v1","source":"https://github.com/ruven/iipsrv/commit/882925b295a80ec992063deffc2a3b0d803c3195","deprecated":false,"signature_type":"Function","target":{"function":"Transform::interpolate_bilinear","file":"src/Transforms.cc"},"id":"CVE-2021-46389-a7e82e0d"},{"digest":{"line_hashes":["311099056278709379324135873999859124325","46988397371136133179930559766784304261","252386768343249249105030650774615092700","30909941533050855462716928713091460429","251450953503588965003637017808823224043","335778523914029622682450496225008352117","147175082327597427383347688430499272135","51757074193411652851985426150678935871","55291705804327629588687076882769982003","59729168070261373700202201000361409318","224887774155073677719192572333566625666","70032835139564682622566162803773228519","90246307166213938595042233295573836204","194673606936737164730591626792073401664","233233365034773828364730219602639923414","192496845956257061853907247713532059780","79856134710541503588856908740248918543","330375425181035439053049855245331704792"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/ruven/iipsrv/commit/882925b295a80ec992063deffc2a3b0d803c3195","deprecated":false,"signature_type":"Line","target":{"file":"src/TileManager.cc"},"id":"CVE-2021-46389-af8093a0"},{"digest":{"line_hashes":["70510800996650429787018647660929056496","96643211942793132546013200233444032869","102196328465780818408576418514335425117","209828596021340883209425747844654174456","112705705694755437384949568613086741301","234805782120475292423779887212237647993","145039770279780111414188268442527578657"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/ruven/iipsrv/commit/882925b295a80ec992063deffc2a3b0d803c3195","deprecated":false,"signature_type":"Line","target":{"file":"src/OpenJPEGImage.cc"},"id":"CVE-2021-46389-d3c4191e"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-46389.json","vanir_signatures_modified":"2026-04-12T09:22:01Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2022-01-14"}]},{"events":[{"introduced":"iipsrv.fcgi"},{"last_affected":"malformed"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}