
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact.

• https://github.com/openexr/openexr/issues/351
• https://github.com/openexr/openexr/releases/tag/v2.4.0
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5E2OZU4ZSF5W4ODBU4L547HX5A4WOBFV
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZN7WUH3SR6DSRODRB4SLFTBKP74FVC5
• https://usn.ubuntu.com/4148-1
• https://usn.ubuntu.com/4339-1
• CWE-787: Out-of-bounds Write

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview.

• https://github.com/openexr/openexr/issues/350
• https://github.com/openexr/openexr/releases/tag/v2.4.0
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5E2OZU4ZSF5W4ODBU4L547HX5A4WOBFV
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZN7WUH3SR6DSRODRB4SLFTBKP74FVC5
• CWE-772: Missing Release of Resource after Effective Lifetime

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid.

• http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00063.html
• https://github.com/openexr/openexr/issues/248
• CWE-400: Uncontrolled Resource Consumption

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 2

In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.

• https://github.com/openexr/openexr/issues/238
• https://github.com/openexr/openexr/releases/tag/v2.3.0
• https://github.com/xiaoqx/pocs/blob/master/openexr.md
• https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html
• https://usn.ubuntu.com/4148-1
• CWE-125: Out-of-bounds Read

CVSS: 8.8 | EPSS: 2% | CPEs: 1 | EXPL: 0

In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.

• http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html
• http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html
• http://www.openwall.com/lists/oss-security/2017/05/12/5
• https://github.com/openexr/openexr/issues/232
• https://github.com/openexr/openexr/pull/233
• https://github.com/openexr/openexr/releases/tag/v2.2.1
• https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html
• https://usn.ubuntu.com/4148-1
• https://usn.ubuntu.com&#