CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3933 – Debian Security Advisory 5299-1
https://notcve.org/view.php?id=CVE-2021-3933
12 Nov 2021 — An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths. Podría producirse un desbordamiento de enteros cuando OpenEXR procesa un archivo diseñado en sistemas donde size_t es menor a 64 bits. Esto podría causar un valor no válido de bytesPerLine y maxBytesPerLine, lo que podría conllevar a problemas con la e... • https://bugzilla.redhat.com/show_bug.cgi?id=2019783 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-3598 – Debian Security Advisory 5299-1
https://notcve.org/view.php?id=CVE-2021-3598
06 Jul 2021 — There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. Se presenta un fallo en la funcionalidad ImfDeepScanLineInputFile de OpenEXR en versiones anteriores a 3.0.5. Un atacante que sea capaz de enviar un archivo diseñado a una aplicación enlazada con OpenEXR podría causar una lectura ... • https://bugzilla.redhat.com/show_bug.cgi?id=1970987 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3605 – Debian Security Advisory 5299-1
https://notcve.org/view.php?id=CVE-2021-3605
22 Jun 2021 — There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. Se presenta un fallo en la funcionalidad rleUncompress de OpenEXR en versiones anteriores a 3.0.5. Un atacante que sea capaz de enviar un archivo diseñado a una aplicación enlazada con OpenEXR podría causar una lectura fuera de límites. • https://bugzilla.redhat.com/show_bug.cgi?id=1970991 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26945
https://notcve.org/view.php?id=CVE-2021-26945
08 Jun 2021 — An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. Se ha encontrado un desbordamiento de enteros que conlleva un desbordamiento del búfer de la pila en OpenEXR en versiones anteriores a 3.0.1. Un atacante podría usar este fallo para bloquear una aplicación compilada con OpenEXR • https://bugzilla.redhat.com/show_bug.cgi?id=1947591 • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-23169 – Gentoo Linux Security Advisory 202210-31
https://notcve.org/view.php?id=CVE-2021-23169
08 Jun 2021 — A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR. Se encontró un desbordamiento del búfer de la pila en la función copyIntoFrameBuffer de OpenEXR en versiones anteriores a 3.0.1. Un atacante podría usar este fallo para ejecutar código arbitrario con los permisos del usuario que ejecuta la aplicación compilada con ... • https://bugzilla.redhat.com/show_bug.cgi?id=1947612 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-23215 – Debian Security Advisory 5299-1
https://notcve.org/view.php?id=CVE-2021-23215
08 Jun 2021 — An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. Se ha encontrado un desbordamiento de enteros que conlleva un desbordamiento del búfer de la pila en el DwaCompressor de OpenEXR en versiones anteriores a 3.0.1. Un atacante podría usar este fallo para bloquear una aplicación compilada con OpenEXR Multiple security vulnerabilities have been found in OpenEXR, c... • https://bugzilla.redhat.com/show_bug.cgi?id=1947586 • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-26260 – Debian Security Advisory 5299-1
https://notcve.org/view.php?id=CVE-2021-26260
08 Jun 2021 — An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215. Se encontró un desbordamiento de enteros que conlleva un desbordamiento del búfer de la pila en el DwaCompressor de OpenEXR en versiones anteriores a 3.0.1. Un atacante podría usar este fallo para bloquear una aplicación compilada con OpenEXR. • https://bugzilla.redhat.com/show_bug.cgi?id=1947582 • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20296 – Ubuntu Security Notice USN-4996-1
https://notcve.org/view.php?id=CVE-2021-20296
01 Apr 2021 — A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability. Se encontró un fallo en OpenEXR en versiones anteriores a 3.0.0-beta. Un archivo de entrada diseñado proporcionado por un atacante, que es procesado por la funcionalidad de decompresión Dwa de la biblioteca... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3477 – Gentoo Linux Security Advisory 202107-27
https://notcve.org/view.php?id=CVE-2021-3477
31 Mar 2021 — There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability. Se presenta un fallo en los cálculos de tamaño de la muestra de mosaicos profundos de OpenEXR versiones anteriores a la 3.0.0-beta. Un atacante que pueda ser capaz de enviar un archivo diseñad... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26956 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3478 – Ubuntu Security Notice USN-4900-1
https://notcve.org/view.php?id=CVE-2021-3478
31 Mar 2021 — There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability. Se presenta un fallo en la funcionalidad scanline input file de OpenEXR en versiones anteriores a 3.0.0-beta. Un atacante capaz de enviar un archivo diseñado para que sea procesado por OpenEXR podría consumir una cantidad excesiva de la memoria d... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27409 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •