Skip to main content

NULL Pointer Dereference

CVE-2021-20296

Severity Medium
Score 5.3/10

Summary

A flaw was found in OpenEXR in versions before 2.4.3 and 2.5.x before 2.5.4. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • LOW

CWE-476 - NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Advisory Timeline

  • Published