Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openexr
(Openexr)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 49 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-02-01 | CVE-2023-5841 | Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library. | Openexr | 9.1 | ||
| 2020-06-26 | CVE-2020-15304 | An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference. | Fedora, Openexr, Leap | 5.5 | ||
| 2020-06-26 | CVE-2020-15305 | An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp. | Ubuntu_linux, Debian_linux, Fedora, Openexr, Leap | 5.5 | ||
| 2020-06-26 | CVE-2020-15306 | An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp. | Ubuntu_linux, Debian_linux, Fedora, Openexr, Leap | 5.5 | ||
| 2020-12-09 | CVE-2020-16587 | A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file. | Debian_linux, Openexr | 5.5 | ||
| 2020-12-09 | CVE-2020-16588 | A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file. | Debian_linux, Openexr | 5.5 | ||
| 2020-12-09 | CVE-2020-16589 | A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file. | Debian_linux, Openexr | 5.5 | ||
| 2021-03-30 | CVE-2021-3474 | There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability. | Debian_linux, Openexr | 5.3 | ||
| 2021-03-30 | CVE-2021-3475 | There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability. | Debian_linux, Openexr | 5.3 | ||
| 2021-03-30 | CVE-2021-3476 | A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability. | Debian_linux, Openexr | 5.3 |