Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Openexr Subscribe
Total 48 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3475 2 Debian, Openexr 2 Debian Linux, Openexr 2023-02-03 5.0 MEDIUM 5.3 MEDIUM
There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.
CVE-2020-16588 2 Debian, Openexr 2 Debian Linux, Openexr 2023-02-03 4.3 MEDIUM 5.5 MEDIUM
A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.
CVE-2021-3474 2 Debian, Openexr 2 Debian Linux, Openexr 2023-02-03 5.0 MEDIUM 5.3 MEDIUM
There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.
CVE-2021-3941 4 Debian, Fedoraproject, Openexr and 1 more 4 Debian Linux, Fedora, Openexr and 1 more 2023-02-03 2.1 LOW 6.5 MEDIUM
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.
CVE-2021-3933 3 Debian, Fedoraproject, Openexr 3 Debian Linux, Fedora, Openexr 2023-02-03 4.3 MEDIUM 5.5 MEDIUM
An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.
CVE-2021-45942 3 Debian, Fedoraproject, Openexr 3 Debian Linux, Fedora, Openexr 2023-02-03 4.3 MEDIUM 5.5 MEDIUM
OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.
CVE-2021-23215 3 Debian, Fedoraproject, Openexr 3 Debian Linux, Fedora, Openexr 2023-02-03 4.3 MEDIUM 5.5 MEDIUM
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
CVE-2021-26260 3 Debian, Fedoraproject, Openexr 3 Debian Linux, Fedora, Openexr 2023-02-03 4.3 MEDIUM 5.5 MEDIUM
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.
CVE-2021-3598 3 Debian, Openexr, Redhat 3 Debian Linux, Openexr, Enterprise Linux 2023-02-03 2.1 LOW 5.5 MEDIUM
There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
CVE-2021-3605 3 Debian, Openexr, Redhat 3 Debian Linux, Openexr, Enterprise Linux 2023-02-03 4.3 MEDIUM 5.5 MEDIUM
There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
CVE-2020-16589 2 Debian, Openexr 2 Debian Linux, Openexr 2023-02-02 4.3 MEDIUM 5.5 MEDIUM
A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.
CVE-2020-16587 2 Debian, Openexr 2 Debian Linux, Openexr 2023-02-02 4.3 MEDIUM 5.5 MEDIUM
A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.
CVE-2021-3476 2 Debian, Openexr 2 Debian Linux, Openexr 2023-02-02 5.0 MEDIUM 5.3 MEDIUM
A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.
CVE-2020-11763 6 Apple, Canonical, Debian and 3 more 12 Icloud, Ipados, Iphone Os and 9 more 2023-01-09 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.
CVE-2020-11760 6 Apple, Canonical, Debian and 3 more 12 Icloud, Ipados, Iphone Os and 9 more 2023-01-09 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.
CVE-2020-11764 6 Apple, Canonical, Debian and 3 more 12 Icloud, Ipados, Iphone Os and 9 more 2023-01-09 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
CVE-2020-11765 6 Apple, Canonical, Debian and 3 more 12 Icloud, Ipados, Iphone Os and 9 more 2023-01-09 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.
CVE-2020-11758 6 Apple, Canonical, Debian and 3 more 12 Icloud, Ipados, Iphone Os and 9 more 2023-01-09 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.
CVE-2020-11762 6 Apple, Canonical, Debian and 3 more 12 Icloud, Ipados, Iphone Os and 9 more 2023-01-09 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.
CVE-2020-11761 5 Apple, Canonical, Debian and 2 more 11 Icloud, Ipados, Iphone Os and 8 more 2023-01-09 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.