CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5841 – OpenEXR Heap Overflow in Scanline Deep Data Parsing
https://notcve.org/view.php?id=CVE-2023-5841
01 Feb 2024 — Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library. Debido a un fallo en la validación del número de muestras de líneas de escaneo de un archivo OpenEXR que contiene datos de líneas de escaneo profundas, la librería de análisis... • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 2CVE-2021-45942 – Debian Security Advisory 5299-1
https://notcve.org/view.php?id=CVE-2021-45942
31 Dec 2021 — OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable. OpenEXR versión 3.1.x anterior a la versión 3.1.4 tiene un desbordamiento de búfer basado en la pila en Imf_3_1::LineCompositeTask::execute (llamado desde IlmThread_3_1::NullThreadPoolProvider::addTask e IlmThread_3_1::ThreadPool::addGlobalTask). NOTA: db217f2 puede ser ... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-3941 – Debian Security Advisory 5299-1
https://notcve.org/view.php?id=CVE-2021-3941
18 Nov 2021 — In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR. En la rutina RGBtoXYZ() del archivo ImfChromaticities.cpp, se presentan algunas operaciones de división como "float Z = (1 - chroma.w... • https://bugzilla.redhat.com/show_bug.cgi?id=2019789 • CWE-369: Divide By Zero •