CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18443
https://notcve.org/view.php?id=CVE-2018-18443
OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview. OpenEXR 2.3.0 tiene una fuga de memoria en ThreadPool en IlmBase/IlmThread/IlmThreadPool.cpp, tal y como queda demostrado con exrmultiview. • https://github.com/openexr/openexr/issues/350 https://github.com/openexr/openexr/releases/tag/v2.4.0 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5E2OZU4ZSF5W4ODBU4L547HX5A4WOBFV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZN7WUH3SR6DSRODRB4SLFTBKP74FVC5 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18444
https://notcve.org/view.php?id=CVE-2018-18444
makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact. makeMultiView.cpp en exrmultiview en OpenEXR 2.3.0 tiene una escritura fuera de límites, lo que conduce a un fallo de aserción o, posiblemente, a otro tipo de impacto sin especificar. • https://github.com/openexr/openexr/issues/351 https://github.com/openexr/openexr/releases/tag/v2.4.0 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5E2OZU4ZSF5W4ODBU4L547HX5A4WOBFV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZN7WUH3SR6DSRODRB4SLFTBKP74FVC5 https://usn.ubuntu.com/4148-1 https://usn.ubuntu.com/4339-1 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14988
https://notcve.org/view.php?id=CVE-2017-14988
Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid ** EN DISPUTA ** Header::readfrom en IlmImf/ImfHeader.cpp en OpenEXR 2.2.0 permite que los atacantes remotos provoquen una denegación de servicio (asignación de memoria excesiva) mediante un archivo manipulado al que se puede acceder con la función ImfOpenInputFile en IlmImf/ImfCRgbaFile.cpp. NOTA: El mantenedor de software y varios terceros creen que esta vulnerabilidad no es válida. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00063.html https://github.com/openexr/openexr/issues/248 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-12596
https://notcve.org/view.php?id=CVE-2017-12596
In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact. En OpenEXR 2.2.0, una imagen manipulada provoca una sobrelectura de búfer basada en memoria dinámica en la función hufDecode en IlmImf/ImfHuf.cpp durante la ejecución de exrmaketiled. Esto podría tener como consecuencia una denegación de servicio o, posiblemente, causar otro tipo de impacto no especificado. • https://github.com/openexr/openexr/issues/238 https://github.com/openexr/openexr/releases/tag/v2.3.0 https://github.com/xiaoqx/pocs/blob/master/openexr.md https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html https://usn.ubuntu.com/4148-1 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9110
https://notcve.org/view.php?id=CVE-2017-9110
In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. En OpenEXR una lectura invalida de tamaño 2 en la función hufDecode en ImfHuf.cpp podría provocar el cierre inesperado de la aplicación. • http://www.openwall.com/lists/oss-security/2017/05/12/5 https://github.com/openexr/openexr/issues/232 https://github.com/openexr/openexr/pull/233 https://github.com/openexr/openexr/releases/tag/v2.2.1 https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html https://usn.ubuntu.com/4148-1 •