{"id":"OESA-2025-2355","summary":"OpenEXR security update","details":"OpenEXR is a high dynamic-range (HDR) image file format originally developed by Industrial Light & Magic for use in computer imaging applications.\r\n\r\nSecurity Fix(es):\n\nIn ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.(CVE-2021-3941)","modified":"2025-09-26T14:16:50.044519Z","published":"2025-09-26T13:09:53Z","upstream":["CVE-2021-3941"],"database_specific":{"severity":"Medium"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2355"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3941"}],"affected":[{"package":{"name":"OpenEXR","ecosystem":"openEuler:20.03-LTS-SP4","purl":"pkg:rpm/openEuler/OpenEXR&distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.0-31.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["OpenEXR-2.2.0-31.oe2003sp4.aarch64.rpm","OpenEXR-debuginfo-2.2.0-31.oe2003sp4.aarch64.rpm","OpenEXR-debugsource-2.2.0-31.oe2003sp4.aarch64.rpm","OpenEXR-devel-2.2.0-31.oe2003sp4.aarch64.rpm","OpenEXR-libs-2.2.0-31.oe2003sp4.aarch64.rpm"],"x86_64":["OpenEXR-2.2.0-31.oe2003sp4.x86_64.rpm","OpenEXR-debuginfo-2.2.0-31.oe2003sp4.x86_64.rpm","OpenEXR-debugsource-2.2.0-31.oe2003sp4.x86_64.rpm","OpenEXR-devel-2.2.0-31.oe2003sp4.x86_64.rpm","OpenEXR-libs-2.2.0-31.oe2003sp4.x86_64.rpm"],"src":["OpenEXR-2.2.0-31.oe2003sp4.src.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2025-2355.json"}}],"schema_version":"1.7.3"}