Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openexr vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-3933
An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.
Openexr Openexr
Fedoraproject Fedora 36
Debian Debian Linux 10.0
Debian Debian Linux 11.0
2.1
CVSSv2
CVE-2020-15304
An issue exists in OpenEXR prior to 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.
Openexr Openexr
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Opensuse Leap 15.1
Opensuse Leap 15.2
2.1
CVSSv2
CVE-2021-3598
There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions before 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application avai...
Openexr Openexr
Redhat Enterprise Linux 8.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
4.3
CVSSv2
CVE-2021-3605
There's a flaw in OpenEXR's rleUncompress functionality in versions before 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
Openexr Openexr
Redhat Enterprise Linux 8.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2023-50245
OpenEXR-viewer is a viewer for OpenEXR files with detailed metadata probing. Versions before 0.6.1 have a memory overflow vulnerability. This issue is fixed in version 0.6.1.
Afichet Openexr Viewer
4.3
CVSSv2
CVE-2018-18443
OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview.
Ilm Openexr 2.3.0
6.8
CVSSv2
CVE-2018-18444
makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact.
Ilm Openexr 2.3.0
4.3
CVSSv2
CVE-2021-23215
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions prior to 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
Openexr Openexr
Fedoraproject Fedora 33
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
4.3
CVSSv2
CVE-2021-26260
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions prior to 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.
Openexr Openexr
Fedoraproject Fedora 33
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.8
CVSSv2
CVE-2009-1721
The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.
Openexr Openexr 1.2.2
Openexr Openexr 1.6.1
Opensuse Opensuse 11.0
Opensuse Opensuse 10.3
Opensuse Opensuse 10.0
Apple Mac Os X
Debian Debian Linux 5.0
Debian Debian Linux 4.0
Canonical Ubuntu Linux 9.04
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 8.04
Fedoraproject Fedora 11
Fedoraproject Fedora 10
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »