rpm package
almalinux/openexr-libs
pkg:rpm/almalinux/openexr-libs
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-34588 | Hig | 7.8 | < 3.1.1-3.el9_7.2 | 3.1.1-3.el9_7.2 | Apr 6, 2026 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internal_exr_undo_piz() advances the working wavelet pointer with signed 32-bit arithmeti | |
| CVE-2026-27622 | — | < 3.1.10-8.el10_1.1 | 3.1.10-8.el10_1.1 | Mar 3, 2026 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector total_sizes for attacker-controlled larg | ||
| CVE-2023-5841 | — | < 3.1.1-2.el9_4.1 | 3.1.1-2.el9_4.1 | Feb 1, 2024 | Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as |
- affected < 3.1.1-3.el9_7.2fixed 3.1.1-3.el9_7.2
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internal_exr_undo_piz() advances the working wavelet pointer with signed 32-bit arithmeti
- CVE-2026-27622Mar 3, 2026affected < 3.1.10-8.el10_1.1fixed 3.1.10-8.el10_1.1
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector total_sizes for attacker-controlled larg
- CVE-2023-5841Feb 1, 2024affected < 3.1.1-2.el9_4.1fixed 3.1.1-2.el9_4.1
Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as