VYPR

rpm package

suse/OpenEXR&distro=SUSE Linux Enterprise Point of Sale 11 SP3

pkg:rpm/suse/OpenEXR&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3

Vulnerabilities (7)

  • CVE-2021-20304Aug 23, 2022
    affected < 1.6.1-83.17.30.1fixed 1.6.1-83.17.30.1

    A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability.

  • CVE-2021-20298Aug 23, 2022
    affected < 1.6.1-83.17.30.1fixed 1.6.1-83.17.30.1

    A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.

  • CVE-2021-3941Mar 25, 2022
    affected < 1.6.1-83.17.30.1fixed 1.6.1-83.17.30.1

    In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigg

  • CVE-2021-20303Mar 4, 2022
    affected < 1.6.1-83.17.30.1fixed 1.6.1-83.17.30.1

    A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to applicatio

  • CVE-2021-20300Mar 4, 2022
    affected < 1.6.1-83.17.30.1fixed 1.6.1-83.17.30.1

    A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability.

  • CVE-2021-3605Aug 25, 2021
    affected < 1.6.1-83.17.25.1fixed 1.6.1-83.17.25.1

    There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

  • CVE-2021-3479Mar 31, 2021
    affected < 1.6.1-83.17.25.1fixed 1.6.1-83.17.25.1

    There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.