rpm package
opensuse/openexr&distro=openSUSE Leap 15.2
pkg:rpm/opensuse/openexr&distro=openSUSE%20Leap%2015.2
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-16587 | — | < 2.2.1-lp152.7.8.1 | 2.2.1-lp152.7.8.1 | Dec 9, 2020 | A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file. | ||
| CVE-2020-15304 | — | < 2.2.1-lp152.7.5.1 | 2.2.1-lp152.7.5.1 | Jun 26, 2020 | An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference. | ||
| CVE-2020-15305 | — | < 2.2.1-lp152.7.5.1 | 2.2.1-lp152.7.5.1 | Jun 26, 2020 | An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp. | ||
| CVE-2020-15306 | — | < 2.2.1-lp152.7.5.1 | 2.2.1-lp152.7.5.1 | Jun 26, 2020 | An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp. |
- CVE-2020-16587Dec 9, 2020affected < 2.2.1-lp152.7.8.1fixed 2.2.1-lp152.7.8.1
A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.
- CVE-2020-15304Jun 26, 2020affected < 2.2.1-lp152.7.5.1fixed 2.2.1-lp152.7.5.1
An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.
- CVE-2020-15305Jun 26, 2020affected < 2.2.1-lp152.7.5.1fixed 2.2.1-lp152.7.5.1
An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.
- CVE-2020-15306Jun 26, 2020affected < 2.2.1-lp152.7.5.1fixed 2.2.1-lp152.7.5.1
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.
Page 2 of 2