CVE-2021-3479: 
NixOS vulnerability analysis and mitigation

A vulnerability was discovered in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. The vulnerability, identified as CVE-2021-3479, allows an attacker to trigger excessive consumption of memory by submitting a crafted file to be processed by OpenEXR, potentially impacting system availability (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The vulnerability is classified under CWE-770 (Allocation of Resources Without Limits or Throttling) and CWE-400 (Uncontrolled Resource Consumption) (NVD).

When exploited, this vulnerability can lead to a denial of service condition through excessive memory consumption, affecting system availability. The impact is primarily focused on resource exhaustion, with no direct impact on confidentiality or integrity (NVD).

The vulnerability has been fixed in OpenEXR versions 2.4.3, 2.5.4, 2.5.5, and 3.0.1 and beyond. Users are advised to upgrade to these or later versions to mitigate the vulnerability (Red Hat Bugzilla).

Multiple Linux distributions have released security updates to address this vulnerability, including Debian with DLA-2701-1 and DLA-3236-1, and Gentoo with GLSA-202107-27 (Debian LTS, Gentoo Security).