CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31047
https://notcve.org/view.php?id=CVE-2024-31047
08 Apr 2024 — An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp. Un problema en Academy Software Foundation openexr v.3.2.3 y anteriores permite que un atacante local provoque una denegación de servicio (DoS) a través de la función de conversión de exrmultipart.cpp. • https://github.com/AcademySoftwareFoundation/openexr/issues/1680 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5841 – OpenEXR Heap Overflow in Scanline Deep Data Parsing
https://notcve.org/view.php?id=CVE-2023-5841
01 Feb 2024 — Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library. Debido a un fallo en la validación del número de muestras de líneas de escaneo de un archivo OpenEXR que contiene datos de líneas de escaneo profundas, la librería de análisis... • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 2CVE-2021-45942 – Debian Security Advisory 5299-1
https://notcve.org/view.php?id=CVE-2021-45942
31 Dec 2021 — OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable. OpenEXR versión 3.1.x anterior a la versión 3.1.4 tiene un desbordamiento de búfer basado en la pila en Imf_3_1::LineCompositeTask::execute (llamado desde IlmThread_3_1::NullThreadPoolProvider::addTask e IlmThread_3_1::ThreadPool::addGlobalTask). NOTA: db217f2 puede ser ... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-3941 – Debian Security Advisory 5299-1
https://notcve.org/view.php?id=CVE-2021-3941
18 Nov 2021 — In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR. En la rutina RGBtoXYZ() del archivo ImfChromaticities.cpp, se presentan algunas operaciones de división como "float Z = (1 - chroma.w... • https://bugzilla.redhat.com/show_bug.cgi?id=2019789 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3933 – Debian Security Advisory 5299-1
https://notcve.org/view.php?id=CVE-2021-3933
12 Nov 2021 — An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths. Podría producirse un desbordamiento de enteros cuando OpenEXR procesa un archivo diseñado en sistemas donde size_t es menor a 64 bits. Esto podría causar un valor no válido de bytesPerLine y maxBytesPerLine, lo que podría conllevar a problemas con la e... • https://bugzilla.redhat.com/show_bug.cgi?id=2019783 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20298 – openSUSE Security Advisory - openSUSE-SU-2021:2793-1
https://notcve.org/view.php?id=CVE-2021-20298
20 Aug 2021 — A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en B44Compressor de OpenEXR. Este fallo permite a un atacante que puede enviar un archivo diseñado para ser procesado por OpenEXR, agotar toda la memoria accesible a la aplicación. • https://access.redhat.com/security/cve/CVE-2021-20298 • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20299 – openSUSE Security Advisory - openSUSE-SU-2021:2793-1
https://notcve.org/view.php?id=CVE-2021-20299
20 Aug 2021 — A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en la funcionalidad Multipart input file de OpenEXR. Un archivo de entrada multiparte diseñado sin partes reales puede desencadenar una desreferencia de puntero NULL. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25740 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-20304 – Gentoo Linux Security Advisory 202210-31
https://notcve.org/view.php?id=CVE-2021-20304
20 Aug 2021 — A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en la funcionalidad hufDecode de OpenEXR. Este fallo permite a un atacante que pueda pasar un archivo diseñado para ser procesado por OpenEXR, desencadenar un error de desplazamiento a la derecha no definido. • https://access.redhat.com/security/cve/CVE-2021-20304 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20300 – openSUSE Security Advisory - openSUSE-SU-2021:2793-1
https://notcve.org/view.php?id=CVE-2021-20300
20 Aug 2021 — A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en la funcionalidad hufUncompress de OpenEXR en el archivo OpenEXR/IlmImf/ImfHuf.cpp. Este fallo permite a un atacante que pueda enviar un archivo diseñado que sea procesado por OpenEXR, para desencadenar un... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25562 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20302 – openSUSE Security Advisory - openSUSE-SU-2021:2793-1
https://notcve.org/view.php?id=CVE-2021-20302
20 Aug 2021 — A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en la funcionalidad TiledInputFile de OpenEXR. Este fallo permite a un atacante que pueda enviar una imagen no diseñada de una sola parte para que sea procesada por OpenEXR, para desencadenar un error de exc... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25894 • CWE-20: Improper Input Validation •