CVE-2021-3941
Published: 25 March 2022
Summary
CVE-2021-3941 is a medium-severity Divide By Zero (CWE-369) vulnerability in Redhat Enterprise Linux. Its CVSS base score is 6.5 (Medium).
Operationally, ranked at the 30.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-27154
Vulnerability details
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0…
more
value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.