Latest openexr openexr Vulnerabilities

CVE-2023-5841
OpenEXR Heap Overflow in Scanline Deep Data Parsing
Openexr Openexr<=3.2.1
CVE-2021-45942
OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalT...
debian/openexr<=2.2.1-4.1+deb10u1
Openexr Openexr>=3.1.0<3.1.4
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Fedoraproject Fedora=36
Debian Debian Linux=10.0
and 1 more
CVE-2021-3941
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` bu...
debian/openexr<=2.2.1-4.1+deb10u1
Openexr Openexr=3.1.2
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Fedoraproject Fedora=34
and 5 more
CVE-2021-3933
An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problem...
debian/openexr<=2.2.1-4.1+deb10u1
Openexr Openexr<3.1.2
Fedoraproject Fedora=36
Debian Debian Linux=10.0
Debian Debian Linux=11.0
redhat/OpenEXR<3.1.2
CVE-2021-3598
There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out...
debian/openexr<=2.2.1-4.1+deb10u1
Openexr Openexr<3.0.5
Redhat Enterprise Linux=8.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
redhat/OpenEXR<3.0.5
CVE-2021-26945
Openexr Openexr<3.0.1
CVE-2021-23169
A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user run...
Openexr Openexr<3.0.1
Fedoraproject Fedora=33
Fedoraproject Fedora=34
CVE-2021-23215
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
debian/openexr<=2.2.1-4.1+deb10u1
Openexr Openexr<3.0.1
Fedoraproject Fedora=33
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
and 1 more
CVE-2021-20296
A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cau...
Openexr Openexr<2.4.3
Openexr Openexr>=2.5.0<2.5.4
Debian Debian Linux=9.0
Debian Debian Linux=10.0
CVE-2021-3479
There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of...
Openexr Openexr<2.4.3
Openexr Openexr>=2.5.0<2.5.4
Debian Debian Linux=9.0
Debian Debian Linux=10.0
CVE-2021-3478
There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory....
Openexr Openexr<2.4.3
Openexr Openexr>=2.5.0<2.5.4
Debian Debian Linux=9.0
Debian Debian Linux=10.0
CVE-2021-3475
There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with app...
Openexr Openexr<2.4.3
Openexr Openexr>=2.5.0<2.5.4
Debian Debian Linux=9.0
Debian Debian Linux=10.0
CVE-2021-3476
A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affe...
Openexr Openexr<2.4.3
Openexr Openexr>=2.5.0<2.5.4
Debian Debian Linux=9.0
Debian Debian Linux=10.0
CVE-2021-3474
There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with appl...
Openexr Openexr<2.4.3
Openexr Openexr>=2.5.0<2.5.4
Debian Debian Linux=9.0
Debian Debian Linux=10.0
CVE-2021-20304
A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threa...
Openexr Openexr<=2.5.7
redhat/OpenEXR<3.0.0
CVE-2021-20298
A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest thr...
Openexr Openexr<=2.5.7
Debian Debian Linux=10.0
redhat/OpenEXR<3.0.0
CVE-2021-20303
A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an ou...
Openexr Openexr<2.5.4
Debian Debian Linux=10.0
redhat/OpenEXR<2.5.4
CVE-2020-16587
A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafte...
Openexr Openexr=2.3.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
CVE-2020-16589
A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.
Openexr Openexr=2.3.0
Debian Debian Linux=10.0
CVE-2020-16588
A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.
Openexr Openexr=2.3.0
Debian Debian Linux=10.0
CVE-2020-15304
An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a...
Openexr Openexr<2.5.2
Fedoraproject Fedora=31
Fedoraproject Fedora=32
openSUSE Leap=15.1
openSUSE Leap=15.2
CVE-2020-15305
An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.
<2.5.2
=31
=32
=15.1
=15.2
=9.0
and 21 more
CVE-2020-15306
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.
<2.5.2
=31
=32
=15.1
=15.2
=9.0
and 21 more
CVE-2020-11758
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.
ubuntu/openexr<2.2.0-11.1ubuntu1.2
ubuntu/openexr<2.2.1-4.1ubuntu1.1
ubuntu/openexr<2.3.0-6ubuntu0.1
ubuntu/openexr<2.2.0-10ubuntu2.2
Openexr Openexr<2.4.1
Fedoraproject Fedora=32
and 46 more
CVE-2020-11765
An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.
ubuntu/openexr<2.2.0-11.1ubuntu1.2
ubuntu/openexr<2.2.1-4.1ubuntu1.1
ubuntu/openexr<2.3.0-6ubuntu0.1
ubuntu/openexr<2.2.0-10ubuntu2.2
Openexr Openexr<2.4.1
Fedoraproject Fedora=32
and 45 more
CVE-2020-11761
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.
ubuntu/openexr<2.2.0-11.1ubuntu1.2
ubuntu/openexr<2.2.1-4.1ubuntu1.1
ubuntu/openexr<2.3.0-6ubuntu0.1
ubuntu/openexr<2.2.0-10ubuntu2.2
Openexr Openexr<2.4.1
Fedoraproject Fedora=32
and 42 more
CVE-2020-11763
An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.
ubuntu/openexr<2.2.0-11.1ubuntu1.2
ubuntu/openexr<2.2.1-4.1ubuntu1.1
ubuntu/openexr<2.3.0-6ubuntu0.1
ubuntu/openexr<2.2.0-10ubuntu2.2
Openexr Openexr<2.4.1
Fedoraproject Fedora=32
and 43 more
CVE-2020-11762
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.
ubuntu/openexr<2.2.0-11.1ubuntu1.2
ubuntu/openexr<2.2.1-4.1ubuntu1.1
ubuntu/openexr<2.3.0-6ubuntu0.1
ubuntu/openexr<2.2.0-10ubuntu2.2
Openexr Openexr<2.4.1
Fedoraproject Fedora=32
and 45 more
CVE-2020-11764
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
ubuntu/openexr<2.2.0-11.1ubuntu1.2
ubuntu/openexr<2.2.1-4.1ubuntu1.1
ubuntu/openexr<2.3.0-6ubuntu0.1
ubuntu/openexr<2.2.0-10ubuntu2.2
<2.4.1
=32
and 83 more
CVE-2020-11759
An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-...
ubuntu/openexr<2.2.0-11.1ubuntu1.2
ubuntu/openexr<2.2.1-4.1ubuntu1.1
ubuntu/openexr<2.3.0-6ubuntu0.1
ubuntu/openexr<2.2.0-10ubuntu2.2
Openexr Openexr<2.4.1
Fedoraproject Fedora=32
and 42 more
CVE-2020-11760
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.
ubuntu/openexr<2.2.0-11.1ubuntu1.2
ubuntu/openexr<2.2.1-4.1ubuntu1.1
ubuntu/openexr<2.3.0-6ubuntu0.1
ubuntu/openexr<2.2.0-10ubuntu2.2
Openexr Openexr<2.4.1
Fedoraproject Fedora=32
and 42 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203