Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openexr vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2021-20300
A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availabili...
Openexr Openexr
Debian Debian Linux 10.0
5.5
CVSSv3
CVE-2021-45942
OpenEXR 3.1.x prior to 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.
Openexr Openexr
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5.5
CVSSv3
CVE-2021-3605
There's a flaw in OpenEXR's rleUncompress functionality in versions before 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
Openexr Openexr
Redhat Enterprise Linux 8.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5.5
CVSSv3
CVE-2020-19490
tinyexr 0.9.5 has a integer overflow over-write in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code.
Tinyexr Project Tinyexr 0.9.5
5.5
CVSSv3
CVE-2021-3598
There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions before 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application avai...
Openexr Openexr
Redhat Enterprise Linux 8.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
8.8
CVSSv3
CVE-2021-23169
A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions prior to 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.
Openexr Openexr
Fedoraproject Fedora 33
Fedoraproject Fedora 34
5.5
CVSSv3
CVE-2021-23215
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions prior to 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
Openexr Openexr
Fedoraproject Fedora 33
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5.5
CVSSv3
CVE-2021-26260
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions prior to 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.
Openexr Openexr
Fedoraproject Fedora 33
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5.5
CVSSv3
CVE-2021-26945
An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions prior to 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
Openexr Openexr
5.3
CVSSv3
CVE-2021-20296
A flaw was found in OpenEXR in versions prior to 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability...
Openexr Openexr
Debian Debian Linux 9.0
Debian Debian Linux 10.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »