VYPR
Vendor

Openexr

Products
1
CVEs
69
Across products
69
Status
Private

Products

1

Recent CVEs

69
View all 69 CVEs →
  • CVE-2026-42217CriMay 7, 2026
    risk 0.57cvss 9.8epss 0.00

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger() decodes a…

  • CVE-2017-9115HigMay 21, 2017
    risk 0.57cvss 8.8epss 0.03

    In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.

  • CVE-2017-9113HigMay 21, 2017
    risk 0.57cvss 8.8epss 0.03

    In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.

  • CVE-2017-9111HigMay 21, 2017
    risk 0.57cvss 8.8epss 0.03

    In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.

  • CVE-2026-42216CriMay 7, 2026
    risk 0.52cvss 9.1epss 0.00

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, IDManifest::init() reconstructs strings from…

  • CVE-2017-12596HigAug 7, 2017
    risk 0.51cvss 7.8epss 0.02

    In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.

  • CVE-2026-41142HigMay 7, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, there is an integer overflow in…

  • CVE-2025-59731MedOct 6, 2025
    risk 0.45cvss epss 0.00

    When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rle_raw_size from the input file at [0], we decompress and decode into the buffer…

  • CVE-2026-34588HigApr 6, 2026
    risk 0.44cvss 7.8epss 0.00

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internal_exr_undo_piz() advances the working wavelet pointer with signed 32-bit…

  • CVE-2026-34543HigApr 1, 2026
    risk 0.42cvss 7.5epss 0.00

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data…

  • CVE-2017-9116MedMay 21, 2017
    risk 0.42cvss 6.5epss 0.02

    In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.

  • CVE-2017-9114MedMay 21, 2017
    risk 0.42cvss 6.5epss 0.02

    In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.

  • CVE-2017-9112MedMay 21, 2017
    risk 0.42cvss 6.5epss 0.02

    In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.

  • CVE-2017-9110MedMay 21, 2017
    risk 0.42cvss 6.5epss 0.02

    In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.

  • CVE-2026-34545HigApr 1, 2026
    risk 0.40cvss 7.3epss 0.01

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of…

  • CVE-2026-34544HigApr 1, 2026
    risk 0.40cvss 7.3epss 0.00

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that…

  • CVE-2026-40250HigApr 21, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, `internal_dwa_compressor.h:1040` performs `chan->width…

  • CVE-2026-40244HigApr 21, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, `internal_dwa_compressor.h:1722` performs `curc->width…

  • CVE-2026-34379HigApr 6, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoder_execute() in…

  • CVE-2017-14988MedOct 3, 2017
    risk 0.36cvss 5.5epss 0.01

    Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third…