VYPR

rpm package

opensuse/openexr&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/openexr&distro=openSUSE%20Tumbleweed

Vulnerabilities (37)

  • CVE-2025-12495 | Dec 23, 2025
    affected < 3.4.3-2.1 | fixed 3.4.3-2.1

    Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required

  • CVE-2025-64183 | Nov 10, 2025
    affected < 3.4.3-1.1 | fixed 3.4.3-1.1

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, there is a use-after-free in PyObject_StealAttrString of

  • CVE-2025-64182 | Nov 10, 2025
    affected < 3.4.3-1.1 | fixed 3.4.3-1.1

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, a memory safety bug in the legacy OpenEXR Python adapter

  • CVE-2025-64181 | Nov 10, 2025
    affected < 3.4.3-1.1 | fixed 3.4.3-1.1

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing `openexr_exrcheck_fuzzer`, Valgrind reports a conditional branch

  • CVE-2025-48074 | Aug 1, 2025
    affected < 3.3.5-1.1 | fixed 3.3.5-1.1

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocatio

  • CVE-2025-48073 | Jul 31, 2025
    affected < 3.3.5-1.1 | fixed 3.3.5-1.1

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target a

  • CVE-2025-48072 | Jul 31, 2025
    affected < 3.3.5-1.1 | fixed 3.3.5-1.1

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-pac

  • CVE-2025-48071 | Jul 31, 2025
    affected < 3.3.5-1.1 | fixed 3.3.5-1.1

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep sca

  • CVE-2021-3605 | Aug 25, 2021
    affected < 3.1.1-2.2 | fixed 3.1.1-2.2

    There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

  • CVE-2021-3598 | Jul 6, 2021
    affected < 3.1.1-2.2 | fixed 3.1.1-2.2

    There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability

  • CVE-2018-18444 | Oct 17, 2018
    affected < 3.1.1-2.2 | fixed 3.1.1-2.2

    makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact.

  • CVE-2018-18443 | Oct 17, 2018
    affected < 3.1.1-2.2 | fixed 3.1.1-2.2

    OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview.

  • CVE-2017-14988 | Med | Oct 3, 2017
    affected < 3.1.1-2.2 | fixed 3.1.1-2.2

    Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third

  • CVE-2017-9116 | Med | May 21, 2017
    affected < 3.1.1-2.2 | fixed 3.1.1-2.2

    In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.

  • CVE-2017-9115 | Hig | May 21, 2017
    affected < 3.1.1-2.2 | fixed 3.1.1-2.2

    In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.

  • CVE-2017-9111 | Hig | May 21, 2017
    affected < 3.1.1-2.2 | fixed 3.1.1-2.2

    In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.

  • CVE-2017-9110 | Med | May 21, 2017
    affected < 3.1.1-2.2 | fixed 3.1.1-2.2

    In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.

Page 2 of 2