{"id":"JLSEC-2026-131","details":"In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.","modified":"2026-04-17T15:30:20.755589Z","published":"2026-04-17T15:19:54.657Z","upstream":["CVE-2021-3941"],"database_specific":{"sources":[{"id":"CVE-2021-3941","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-3941","modified":"2024-11-21T06:22:49.330Z","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3941","published":"2022-03-25T19:15:09.307Z","imported":"2026-04-17T13:59:24.267Z","database_specific":{"status":"Modified"}}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019789"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN/"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202210-31"},{"type":"WEB","url":"https://www.debian.org/security/2022/dsa-5299"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019789"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN/"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202210-31"},{"type":"WEB","url":"https://www.debian.org/security/2022/dsa-5299"}],"affected":[{"package":{"name":"OpenEXR_jll","ecosystem":"Julia","purl":"pkg:julia/OpenEXR_jll?uuid=18a262bb-aa17-5467-a713-aee519bc75cb"},"ranges":[{"type":"SEMVER","events":[{"introduced":"3.1.4+0"},{"fixed":"3.2.4+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-131.json"}}],"schema_version":"1.7.5"}