Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openexr
(Openexr)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 54 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-06-08 | CVE-2021-23215 | An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. | Debian_linux, Fedora, Openexr | 5.5 | ||
| 2021-06-08 | CVE-2021-26260 | An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215. | Debian_linux, Fedora, Openexr | 5.5 | ||
| 2021-06-08 | CVE-2021-26945 | An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. | Openexr | 5.5 | ||
| 2021-07-06 | CVE-2021-3598 | There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. | Debian_linux, Openexr, Enterprise_linux | 5.5 | ||
| 2021-08-25 | CVE-2021-3605 | There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. | Debian_linux, Openexr, Enterprise_linux | 5.5 | ||
| 2022-01-01 | CVE-2021-45942 | OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable. | Debian_linux, Fedora, Openexr | 5.5 | ||
| 2022-03-04 | CVE-2021-20300 | A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability. | Debian_linux, Openexr | 5.5 | ||
| 2022-03-04 | CVE-2021-20302 | A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability. | Debian_linux, Openexr | 5.5 | ||
| 2022-03-04 | CVE-2021-20303 | A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well. | Debian_linux, Openexr | 6.1 | ||
| 2022-03-16 | CVE-2021-20299 | A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability. | Debian_linux, Openexr | 7.5 |