{
  "threat_severity" : "Low",
  "public_date" : "2021-02-15T00:00:00Z",
  "bugzilla" : {
    "description" : "OpenEXR: Integer-overflow in Imf_2_5::hufUncompress",
    "id" : "1939153",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1939153"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-190",
  "details" : [ "A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability.", "A flaw was found in OpenEXR's hufUncompress function in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability." ],
  "statement" : "This flaw does not affect OpenEXR shipped with Red Hat Enterprise Linux 6, 7, or 8 because the vulnerable code was introduced in a newer version of OpenEXR.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "OpenEXR",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "OpenEXR",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "gimp:flatpak/OpenEXR",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "OpenEXR",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-20300\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20300" ],
  "name" : "CVE-2021-20300",
  "csaw" : false
}