Vendor CVEs
Openexr
All CVEs
69 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-3478 | 0.00 | — | 0.01 | Mar 31, 2021 | There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability. | |||
| CVE-2021-3474 | 0.00 | — | 0.02 | Mar 30, 2021 | There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability. | |||
| CVE-2021-3475 | 0.00 | — | 0.02 | Mar 30, 2021 | There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability. | |||
| CVE-2021-3476 | 0.00 | — | 0.02 | Mar 30, 2021 | A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability. | |||
| CVE-2020-16588 | 0.00 | — | 0.01 | Dec 9, 2020 | A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file. | |||
| CVE-2020-16589 | 0.00 | — | 0.01 | Dec 9, 2020 | A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file. | |||
| CVE-2020-16587 | 0.00 | — | 0.01 | Dec 9, 2020 | A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file. | |||
| CVE-2020-15304 | 0.00 | — | 0.00 | Jun 26, 2020 | An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference. | |||
| CVE-2020-15305 | 0.00 | — | 0.00 | Jun 26, 2020 | An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp. | |||
| CVE-2020-15306 | 0.00 | — | 0.00 | Jun 26, 2020 | An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp. | |||
| CVE-2020-11760 | 0.00 | — | 0.02 | Apr 14, 2020 | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp. | |||
| CVE-2020-11761 | 0.00 | — | 0.02 | Apr 14, 2020 | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. | |||
| CVE-2020-11762 | 0.00 | — | 0.02 | Apr 14, 2020 | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case. | |||
| CVE-2020-11763 | 0.00 | — | 0.02 | Apr 14, 2020 | An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. | |||
| CVE-2020-11764 | 0.00 | — | 0.02 | Apr 14, 2020 | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. | |||
| CVE-2018-18444 | 0.00 | — | 0.03 | Oct 17, 2018 | makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact. | |||
| CVE-2018-18443 | 0.00 | — | 0.02 | Oct 17, 2018 | OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview. | |||
| CVE-2009-1722 | 0.00 | — | 0.05 | Jul 31, 2009 | Heap-based buffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. | |||
| CVE-2009-1721 | 0.00 | — | 0.04 | Jul 31, 2009 | The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer. |
- CVE-2021-3478Mar 31, 2021risk 0.00cvss —epss 0.01
There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.
- CVE-2021-3474Mar 30, 2021risk 0.00cvss —epss 0.02
There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.
- CVE-2021-3475Mar 30, 2021risk 0.00cvss —epss 0.02
There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.
- CVE-2021-3476Mar 30, 2021risk 0.00cvss —epss 0.02
A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.
- CVE-2020-16588Dec 9, 2020risk 0.00cvss —epss 0.01
A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.
- CVE-2020-16589Dec 9, 2020risk 0.00cvss —epss 0.01
A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.
- CVE-2020-16587Dec 9, 2020risk 0.00cvss —epss 0.01
A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.
- CVE-2020-15304Jun 26, 2020risk 0.00cvss —epss 0.00
An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.
- CVE-2020-15305Jun 26, 2020risk 0.00cvss —epss 0.00
An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.
- CVE-2020-15306Jun 26, 2020risk 0.00cvss —epss 0.00
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.
- CVE-2020-11760Apr 14, 2020risk 0.00cvss —epss 0.02
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.
- CVE-2020-11761Apr 14, 2020risk 0.00cvss —epss 0.02
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.
- CVE-2020-11762Apr 14, 2020risk 0.00cvss —epss 0.02
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.
- CVE-2020-11763Apr 14, 2020risk 0.00cvss —epss 0.02
An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.
- CVE-2020-11764Apr 14, 2020risk 0.00cvss —epss 0.02
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
- CVE-2018-18444Oct 17, 2018risk 0.00cvss —epss 0.03
makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact.
- CVE-2018-18443Oct 17, 2018risk 0.00cvss —epss 0.02
OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview.
- CVE-2009-1722Jul 31, 2009risk 0.00cvss —epss 0.05
Heap-based buffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
- CVE-2009-1721Jul 31, 2009risk 0.00cvss —epss 0.04
The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.
Page 2 of 2