{"schema_version":"1.7.2","id":"OESA-2025-2355","modified":"2025-09-26T13:09:53Z","published":"2025-09-26T13:09:53Z","upstream":["CVE-2021-3941"],"summary":"OpenEXR security update","details":"OpenEXR is a high dynamic-range (HDR) image file format originally developed by Industrial Light & Magic for use in computer imaging applications.\r\n\r\nSecurity Fix(es):\n\nIn ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.(CVE-2021-3941)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"OpenEXR","purl":"pkg:rpm/openEuler/OpenEXR&distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.0-31.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["OpenEXR-2.2.0-31.oe2003sp4.aarch64.rpm","OpenEXR-debuginfo-2.2.0-31.oe2003sp4.aarch64.rpm","OpenEXR-debugsource-2.2.0-31.oe2003sp4.aarch64.rpm","OpenEXR-devel-2.2.0-31.oe2003sp4.aarch64.rpm","OpenEXR-libs-2.2.0-31.oe2003sp4.aarch64.rpm"],"src":["OpenEXR-2.2.0-31.oe2003sp4.src.rpm"],"x86_64":["OpenEXR-2.2.0-31.oe2003sp4.x86_64.rpm","OpenEXR-debuginfo-2.2.0-31.oe2003sp4.x86_64.rpm","OpenEXR-debugsource-2.2.0-31.oe2003sp4.x86_64.rpm","OpenEXR-devel-2.2.0-31.oe2003sp4.x86_64.rpm","OpenEXR-libs-2.2.0-31.oe2003sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2355"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3941"}],"database_specific":{"severity":"Medium"}}