VYPR

Openexr

by Openexr

pypi: openexr

CVEs (69)

  • CVE-2026-34378 | Med | Apr 6, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a…

  • CVE-2026-34380 | Med | Apr 6, 2026
    risk 0.31 | cvss 5.9 | epss 0.00

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a signed integer overflow exists in undo_pxr24_impl() in…

  • CVE-2026-39886 | Med | Apr 21, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Versions 3.4.0 through 3.4.9 have a signed integer overflow vulnerability in OpenEXR's HTJ2K (High-Throughput JPEG 2000) decompression…

  • CVE-2026-34589 | Med | Apr 6, 2026
    risk 0.26 | cvss 5.0 | epss 0.00

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed…

  • CVE-2009-1720 | Jul 31, 2009
    risk 0.01 | cvss - | epss 0.06

    Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the…

  • CVE-2026-45696 | Jun 18, 2026
    risk 0.00 | cvss - | epss 0.00

    OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K (High-Throughput JPEG 2000) decoder, ht_undo_impl() in OpenEXRCore is vulnerable to a heap-buffer-overflow…

  • CVE-2026-44663 | Jun 18, 2026
    risk 0.00 | cvss - | epss 0.00

    OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, an integer overflow in ht_undo_impl() in src/lib/OpenEXRCore/internal_ht.cpp leads to a heap-buffer overflow when…

  • CVE-2025-12840 | Dec 23, 2025
    risk 0.00 | cvss - | epss 0.00

    Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is…

  • CVE-2025-12839 | Dec 23, 2025
    risk 0.00 | cvss - | epss 0.00

    Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is…

  • CVE-2025-12495 | Dec 23, 2025
    risk 0.00 | cvss - | epss 0.00

    Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is…

  • CVE-2024-31047 | Apr 8, 2024
    risk 0.00 | cvss - | epss 0.00

    An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp.

  • CVE-2023-5841 | Feb 1, 2024
    risk 0.00 | cvss - | epss 0.01

    Due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved…

  • CVE-2021-20304 | Aug 23, 2022
    risk 0.00 | cvss - | epss 0.02

    A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability.

  • CVE-2021-20298 | Aug 23, 2022
    risk 0.00 | cvss - | epss 0.01

    A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.

  • CVE-2021-3941 | Mar 25, 2022
    risk 0.00 | cvss - | epss 0.00

    In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could…

  • CVE-2021-3933 | Mar 25, 2022
    risk 0.00 | cvss - | epss 0.01

    An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.

  • CVE-2021-20299 | Mar 16, 2022
    risk 0.00 | cvss - | epss 0.02

    A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

  • CVE-2021-20302 | Mar 4, 2022
    risk 0.00 | cvss - | epss 0.01

    A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability.

  • CVE-2021-20300 | Mar 4, 2022
    risk 0.00 | cvss - | epss 0.01

    A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability.

  • CVE-2021-20303 | Mar 4, 2022
    risk 0.00 | cvss - | epss 0.01

    A flaw was found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to…