Page 8 of 49 results (0.009 seconds)

CVSS: 5.5EPSS: 0%CPEs: 42EXPL: 1

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. Se detectó un problema en OpenEXR versiones anteriores a 2.4.1. Se presenta una escritura fuera de límites en la función copyIntoFrameBuffer en el archivo ImfMisc.cpp. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3 https:// • CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 45EXPL: 1

An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read. Se detectó un problema en OpenEXR versiones anteriores a 2.4.1. Se presenta un error por un paso en el uso de la función de lectura del archivo ImfXdr.h por DwaCompressor::Classifier::Classifier, conllevando a una lectura fuera de límites. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3 https:// • CWE-125: Out-of-bounds Read CWE-193: Off-by-one Error •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid ** EN DISPUTA ** Header::readfrom en IlmImf/ImfHeader.cpp en OpenEXR 2.2.0 permite que los atacantes remotos provoquen una denegación de servicio (asignación de memoria excesiva) mediante un archivo manipulado al que se puede acceder con la función ImfOpenInputFile en IlmImf/ImfCRgbaFile.cpp. NOTA: El mantenedor de software y varios terceros creen que esta vulnerabilidad no es válida. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00063.html https://github.com/openexr/openexr/issues/248 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2

In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact. En OpenEXR 2.2.0, una imagen manipulada provoca una sobrelectura de búfer basada en memoria dinámica en la función hufDecode en IlmImf/ImfHuf.cpp durante la ejecución de exrmaketiled. Esto podría tener como consecuencia una denegación de servicio o, posiblemente, causar otro tipo de impacto no especificado. • https://github.com/openexr/openexr/issues/238 https://github.com/openexr/openexr/releases/tag/v2.3.0 https://github.com/xiaoqx/pocs/blob/master/openexr.md https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html https://usn.ubuntu.com/4148-1 • CWE-125: Out-of-bounds Read •

CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0

In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code. En OpenEXR 2.2.0 una escritura inválida de tamaño 8 en la función storeSSE en ImfOptimizedPixelReading.h podría provocar el cierre inesperado de una aplicación o ejecutar código arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html http://www.openwall.com/lists/oss-security/2017/05/12/5 https://github.com/openexr/openexr/issues/232 https://github.com/openexr/openexr/pull/233 https://github.com/openexr/openexr/releases/tag/v2.2.1 https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html https://usn.ubuntu.com/4148-1 https://usn.ubuntu.com&# •