CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3476
https://notcve.org/view.php?id=CVE-2021-3476
A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability. Se encontró un fallo en la funcionalidad uncompression B44 de OpenEXR en versiones anteriores a 3.0.0-beta. Un atacante que pueda enviar un archivo diseñado a OpenEXR podría desencadenar desbordamientos de turno, lo que podría afectar la disponibilidad de la aplicación. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24787 https://bugzilla.redhat.com/show_bug.cgi?id=1939145 https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html https://security.gentoo.org/glsa/202107-27 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-15304
https://notcve.org/view.php?id=CVE-2020-15304
An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference. Se detectó un problema en OpenEXR versiones anteriores a v2.5.2. Un archivo de entrada de mosaico no válido podría provocar un acceso de la memoria no válido en la función TiledInputFile::TiledInputFile() en el archivo IlmImf/ImfTiledInputFile.cpp, como es demostrado por una desreferencia del puntero NULL • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md https://github.com/AcademySoftwareFoundation/openexr/pull/727 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/me • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2020-15305
https://notcve.org/view.php?id=CVE-2020-15305
An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp. Se detectó un problema en OpenEXR versiones anteriores a v2.5.2. La entrada no válida podría causar un uso de la memoria previamente liberada de la función DeepScanLineInputFile::DeepScanLineInputFile() en el archivo IlmImf/ImfDeepScanLineInputFile.cpp • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md https://github.com/AcademySoftwareFoundation/openexr/pull/730 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2 https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html https://li • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2020-15306
https://notcve.org/view.php?id=CVE-2020-15306
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp. Se detectó un problema en OpenEXR versiones anteriores a v2.5.2. Los atributos chunkCount no válidos pueden causar un desbordamiento del búfer de la pila en la función getChunkOffsetTableSize() en el archivo IlmImf/ImfMisc.cpp • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md https://github.com/AcademySoftwareFoundation/openexr/pull/738 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2 https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html https://li • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 45EXPL: 1CVE-2020-11758
https://notcve.org/view.php?id=CVE-2020-11758
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. Se detectó un problema en OpenEXR versiones anteriores a 2.4.1. Se presenta una lectura fuera de límites en el archivo ImfOptimizedPixelReading.h. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3 https:// • CWE-125: Out-of-bounds Read •