CVE-2021-3941: In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;`…

CVE-2021-23215 [MEDIUM] OpenEXR vulnerabilities Title: OpenEXR vulnerabilities Summary: Several security issues were fixed in OpenEXR. It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. These issues only affected Ubuntu 20.04 ESM. (CVE-2021-3598, CVE-2021-3605, CVE-2021-20296, CVE-2021-23215, CVE-2021-26260) It was discovered that OpenEXR incorrectly handled certain EXR image files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2021-3933) It was discovered that OpenEXR incorrectly handled certain EXR image files. An attacker could possibly use this issue to cause a crash. (CVE-2021-3941) Instructions: In ge

CVE-2021-3941 OpenEXR vulnerability Title: OpenEXR vulnerability Summary: OpenEXR could be made to crash if it opened a specially crafted file. It was discovered that OpenEXR incorrectly handled certain EXR image files. An attacker could possibly use this issue to cause a crash. Instructions: In general, a standard system update will make all the necessary changes.

CVE-2021-3941 [MEDIUM] CWE-369 openexr: Divide-by-zero in Imf_3_1::RGBtoXYZ openexr: Divide-by-zero in Imf_3_1::RGBtoXYZ In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR. Statement: This flaw is out of support scope for OpenEXR as shipped in Red Hat Enterprise Linux 6 and 7. Please see https://access.redhat.com/support/policy/updates/errata/ for more information on support scopes. Package: OpenEXR (Red Hat Enterprise Linux 6) - Out of support scope Package: OpenEXR (Red Hat Enterprise Linux 7) - Out of support scope Package: mingw-OpenE

CVE-2021-3941 [MEDIUM] CVE-2021-3941: openexr - In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations ... In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR. Scope: local bookworm: resolved (fixed in 3.1.5-2) bullseye: resolved (fixed in 2.5.4-2+deb11u1) forky: resolved (fixed in 3.1.5-2) sid: resolved (fixed in 3.1.5-2) trixie: resolved (fixed in 3.1.5-2)

CVE-2021-3598 [MEDIUM] openexr vulnerabilities openexr vulnerabilities It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. These issues only affected Ubuntu 20.04 ESM. (CVE-2021-3598, CVE-2021-3605, CVE-2021-20296, CVE-2021-23215, CVE-2021-26260) It was discovered that OpenEXR incorrectly handled certain EXR image files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2021-3933) It was discovered that OpenEXR incorrectly handled certain EXR image files. An attacker could possibly use this issue to cause a crash. (CVE-2021-3941)

CVE-2021-3941 [MEDIUM] CWE-369 GHSA-rpq9-h75r-mccg: In ImfChromaticities In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.

CVE-2021-3941 [MEDIUM] CVE-2021-3941: In ImfChromaticities In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.

CVE-2021-41114 [MEDIUM] CWE-20 HTTP Host Header Injection HTTP Host Header Injection ### Meta * CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:O/RC:C` (3.5) ### Problem It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP _Host_ header. TYPO3 uses the HTTP _Host_ header, for example, to generate absolute URLs during the frontend rendering process. Since the host header itself is provided by the client, it can be forged to any value, even in a name-based virtual hosts environment. This vulnerability is the same as described in [TYPO3-CORE-SA-2014-001 (CVE-2014-3941)](https://typo3.org/security/advisory/typo3-core-sa-2014-001/). A regression, introduced during TYPO3 v11 development, led to this situation. The already existing setting _$GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedH