Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openexr
(Openexr)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 49 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-04-14 | CVE-2020-11765 | An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read. | Icloud, Ipados, Iphone_os, Itunes, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Fedora, Openexr, Leap | 5.5 | ||
| 2020-06-26 | CVE-2020-15304 | An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference. | Fedora, Openexr, Leap | 5.5 | ||
| 2020-06-26 | CVE-2020-15305 | An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp. | Ubuntu_linux, Debian_linux, Fedora, Openexr, Leap | 5.5 | ||
| 2020-06-26 | CVE-2020-15306 | An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp. | Ubuntu_linux, Debian_linux, Fedora, Openexr, Leap | 5.5 | ||
| 2021-03-31 | CVE-2021-3477 | There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability. | Debian_linux, Openexr | 5.5 | ||
| 2021-06-08 | CVE-2021-23169 | A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR. | Fedora, Openexr | 8.8 | ||
| 2021-06-08 | CVE-2021-23215 | An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. | Debian_linux, Fedora, Openexr | 5.5 | ||
| 2021-06-08 | CVE-2021-26260 | An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215. | Debian_linux, Fedora, Openexr | 5.5 | ||
| 2021-07-06 | CVE-2021-3598 | There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. | Debian_linux, Openexr, Enterprise_linux | 5.5 | ||
| 2021-08-25 | CVE-2021-3605 | There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. | Debian_linux, Openexr, Enterprise_linux | 5.5 |