rpm package
almalinux/OpenEXR-libs
pkg:rpm/almalinux/OpenEXR-libs
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-27622 | — | < 2.2.0-12.el8_10.1 | 2.2.0-12.el8_10.1 | Mar 3, 2026 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector total_sizes for attacker-controlled larg | ||
| CVE-2020-13584 | — | < 2.2.0-12.el8 | 2.2.0-12.el8 | Dec 3, 2020 | An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. | ||
| CVE-2020-13543 | — | < 2.2.0-12.el8 | 2.2.0-12.el8 | Dec 3, 2020 | A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerab | ||
| CVE-2020-9983 | — | < 2.2.0-12.el8 | 2.2.0-12.el8 | Oct 16, 2020 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution. | ||
| CVE-2020-9951 | — | < 2.2.0-12.el8 | 2.2.0-12.el8 | Oct 16, 2020 | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. | ||
| CVE-2020-9948 | — | < 2.2.0-12.el8 | 2.2.0-12.el8 | Oct 16, 2020 | A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. | ||
| CVE-2019-13012 | — | < 2.2.0-12.el8 | 2.2.0-12.el8 | Jun 28, 2019 | The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, |
- CVE-2026-27622Mar 3, 2026affected < 2.2.0-12.el8_10.1fixed 2.2.0-12.el8_10.1
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector total_sizes for attacker-controlled larg
- CVE-2020-13584Dec 3, 2020affected < 2.2.0-12.el8fixed 2.2.0-12.el8
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.
- CVE-2020-13543Dec 3, 2020affected < 2.2.0-12.el8fixed 2.2.0-12.el8
A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerab
- CVE-2020-9983Oct 16, 2020affected < 2.2.0-12.el8fixed 2.2.0-12.el8
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution.
- CVE-2020-9951Oct 16, 2020affected < 2.2.0-12.el8fixed 2.2.0-12.el8
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2020-9948Oct 16, 2020affected < 2.2.0-12.el8fixed 2.2.0-12.el8
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2019-13012Jun 28, 2019affected < 2.2.0-12.el8fixed 2.2.0-12.el8
The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL,