Page 8 of 50 results (0.014 seconds)

CVSS: 5.5EPSS: 0%CPEs: 45EXPL: 1

An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read. Se detectó un problema en OpenEXR versiones anteriores a 2.4.1. Se presenta un error por un paso en el uso de la función de lectura del archivo ImfXdr.h por DwaCompressor::Classifier::Classifier, conllevando a una lectura fuera de límites. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3 https:// • CWE-125: Out-of-bounds Read CWE-193: Off-by-one Error •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact. makeMultiView.cpp en exrmultiview en OpenEXR 2.3.0 tiene una escritura fuera de límites, lo que conduce a un fallo de aserción o, posiblemente, a otro tipo de impacto sin especificar. • https://github.com/openexr/openexr/issues/351 https://github.com/openexr/openexr/releases/tag/v2.4.0 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5E2OZU4ZSF5W4ODBU4L547HX5A4WOBFV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZN7WUH3SR6DSRODRB4SLFTBKP74FVC5 https://usn.ubuntu.com/4148-1 https://usn.ubuntu.com/4339-1 • CWE-787: Out-of-bounds Write •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview. OpenEXR 2.3.0 tiene una fuga de memoria en ThreadPool en IlmBase/IlmThread/IlmThreadPool.cpp, tal y como queda demostrado con exrmultiview. • https://github.com/openexr/openexr/issues/350 https://github.com/openexr/openexr/releases/tag/v2.4.0 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5E2OZU4ZSF5W4ODBU4L547HX5A4WOBFV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZN7WUH3SR6DSRODRB4SLFTBKP74FVC5 • CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid ** EN DISPUTA ** Header::readfrom en IlmImf/ImfHeader.cpp en OpenEXR 2.2.0 permite que los atacantes remotos provoquen una denegación de servicio (asignación de memoria excesiva) mediante un archivo manipulado al que se puede acceder con la función ImfOpenInputFile en IlmImf/ImfCRgbaFile.cpp. NOTA: El mantenedor de software y varios terceros creen que esta vulnerabilidad no es válida. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00063.html https://github.com/openexr/openexr/issues/248 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2

In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact. En OpenEXR 2.2.0, una imagen manipulada provoca una sobrelectura de búfer basada en memoria dinámica en la función hufDecode en IlmImf/ImfHuf.cpp durante la ejecución de exrmaketiled. Esto podría tener como consecuencia una denegación de servicio o, posiblemente, causar otro tipo de impacto no especificado. • https://github.com/openexr/openexr/issues/238 https://github.com/openexr/openexr/releases/tag/v2.3.0 https://github.com/xiaoqx/pocs/blob/master/openexr.md https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html https://usn.ubuntu.com/4148-1 • CWE-125: Out-of-bounds Read •