rpm package
suse/openexr&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3
pkg:rpm/suse/openexr&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
Vulnerabilities (13)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-20304 | — | < 2.1.0-6.37.1 | 2.1.0-6.37.1 | Aug 23, 2022 | A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability. | ||
| CVE-2021-20298 | — | < 2.1.0-6.37.1 | 2.1.0-6.37.1 | Aug 23, 2022 | A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability. | ||
| CVE-2021-20299 | — | < 2.1.0-6.37.1 | 2.1.0-6.37.1 | Mar 16, 2022 | A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability. | ||
| CVE-2021-20303 | — | < 2.1.0-6.37.1 | 2.1.0-6.37.1 | Mar 4, 2022 | A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to applicatio | ||
| CVE-2021-20302 | — | < 2.1.0-6.37.1 | 2.1.0-6.37.1 | Mar 4, 2022 | A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability. | ||
| CVE-2021-20300 | — | < 2.1.0-6.37.1 | 2.1.0-6.37.1 | Mar 4, 2022 | A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability. | ||
| CVE-2021-3605 | — | < 2.1.0-6.34.1 | 2.1.0-6.34.1 | Aug 25, 2021 | There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. | ||
| CVE-2021-3598 | — | < 2.1.0-6.34.1 | 2.1.0-6.34.1 | Jul 6, 2021 | There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability | ||
| CVE-2021-3479 | — | < 2.1.0-6.34.1 | 2.1.0-6.34.1 | Mar 31, 2021 | There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability. | ||
| CVE-2021-3476 | — | < 2.1.0-6.37.1 | 2.1.0-6.37.1 | Mar 30, 2021 | A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability. | ||
| CVE-2017-12596 | Hig | 7.8 | < 2.1.0-6.3.1 | 2.1.0-6.3.1 | Aug 7, 2017 | In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact. | |
| CVE-2017-9114 | Med | 6.5 | < 2.1.0-6.3.1 | 2.1.0-6.3.1 | May 21, 2017 | In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash. | |
| CVE-2017-9110 | Med | 6.5 | < 2.1.0-6.3.1 | 2.1.0-6.3.1 | May 21, 2017 | In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. |
- CVE-2021-20304Aug 23, 2022affected < 2.1.0-6.37.1fixed 2.1.0-6.37.1
A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability.
- CVE-2021-20298Aug 23, 2022affected < 2.1.0-6.37.1fixed 2.1.0-6.37.1
A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.
- CVE-2021-20299Mar 16, 2022affected < 2.1.0-6.37.1fixed 2.1.0-6.37.1
A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.
- CVE-2021-20303Mar 4, 2022affected < 2.1.0-6.37.1fixed 2.1.0-6.37.1
A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to applicatio
- CVE-2021-20302Mar 4, 2022affected < 2.1.0-6.37.1fixed 2.1.0-6.37.1
A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability.
- CVE-2021-20300Mar 4, 2022affected < 2.1.0-6.37.1fixed 2.1.0-6.37.1
A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability.
- CVE-2021-3605Aug 25, 2021affected < 2.1.0-6.34.1fixed 2.1.0-6.34.1
There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
- CVE-2021-3598Jul 6, 2021affected < 2.1.0-6.34.1fixed 2.1.0-6.34.1
There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability
- CVE-2021-3479Mar 31, 2021affected < 2.1.0-6.34.1fixed 2.1.0-6.34.1
There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.
- CVE-2021-3476Mar 30, 2021affected < 2.1.0-6.37.1fixed 2.1.0-6.37.1
A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.
- affected < 2.1.0-6.3.1fixed 2.1.0-6.3.1
In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.
- affected < 2.1.0-6.3.1fixed 2.1.0-6.3.1
In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.
- affected < 2.1.0-6.3.1fixed 2.1.0-6.3.1
In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.