CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-15304
https://notcve.org/view.php?id=CVE-2020-15304
An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference. Se detectó un problema en OpenEXR versiones anteriores a v2.5.2. Un archivo de entrada de mosaico no válido podría provocar un acceso de la memoria no válido en la función TiledInputFile::TiledInputFile() en el archivo IlmImf/ImfTiledInputFile.cpp, como es demostrado por una desreferencia del puntero NULL • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md https://github.com/AcademySoftwareFoundation/openexr/pull/727 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/me • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2020-15305
https://notcve.org/view.php?id=CVE-2020-15305
An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp. Se detectó un problema en OpenEXR versiones anteriores a v2.5.2. La entrada no válida podría causar un uso de la memoria previamente liberada de la función DeepScanLineInputFile::DeepScanLineInputFile() en el archivo IlmImf/ImfDeepScanLineInputFile.cpp • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md https://github.com/AcademySoftwareFoundation/openexr/pull/730 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2 https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html https://li • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2020-15306
https://notcve.org/view.php?id=CVE-2020-15306
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp. Se detectó un problema en OpenEXR versiones anteriores a v2.5.2. Los atributos chunkCount no válidos pueden causar un desbordamiento del búfer de la pila en la función getChunkOffsetTableSize() en el archivo IlmImf/ImfMisc.cpp • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md https://github.com/AcademySoftwareFoundation/openexr/pull/738 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2 https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html https://li • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 45EXPL: 1CVE-2020-11758
https://notcve.org/view.php?id=CVE-2020-11758
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. Se detectó un problema en OpenEXR versiones anteriores a 2.4.1. Se presenta una lectura fuera de límites en el archivo ImfOptimizedPixelReading.h. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3 https:// • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 41EXPL: 1CVE-2020-11759
https://notcve.org/view.php?id=CVE-2020-11759
An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer. Se detectó un problema en OpenEXR versiones anteriores a 2.4.1. Debido a un desbordamientos de enteros en las funciones CompositeDeepScanLine::Data::handleDeepFrameBuffer y readSampleCountForLineBlock, un atacante puede escribir en un puntero fuera de límites. • https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3 https://security.gentoo.org/glsa/202107-27 https://support.apple.com/kb/HT211288& • CWE-190: Integer Overflow or Wraparound •