CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5841 – OpenEXR Heap Overflow in Scanline Deep Data Parsing
https://notcve.org/view.php?id=CVE-2023-5841
01 Feb 2024 — Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library. Debido a un fallo en la validación del número de muestras de líneas de escaneo de un archivo OpenEXR que contiene datos de líneas de escaneo profundas, la librería de análisis... • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20298
https://notcve.org/view.php?id=CVE-2021-20298
23 Aug 2022 — A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en B44Compressor de OpenEXR. Este fallo permite a un atacante que puede enviar un archivo diseñado para ser procesado por OpenEXR, agotar toda la memoria accesible a la aplicación. • https://access.redhat.com/security/cve/CVE-2021-20298 • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-20304 – Gentoo Linux Security Advisory 202210-31
https://notcve.org/view.php?id=CVE-2021-20304
23 Aug 2022 — A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en la funcionalidad hufDecode de OpenEXR. Este fallo permite a un atacante que pueda pasar un archivo diseñado para ser procesado por OpenEXR, desencadenar un error de desplazamiento a la derecha no definido. • https://access.redhat.com/security/cve/CVE-2021-20304 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20299
https://notcve.org/view.php?id=CVE-2021-20299
16 Mar 2022 — A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en la funcionalidad Multipart input file de OpenEXR. Un archivo de entrada multiparte diseñado sin partes reales puede desencadenar una desreferencia de puntero NULL. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25740 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20300
https://notcve.org/view.php?id=CVE-2021-20300
04 Mar 2022 — A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en la funcionalidad hufUncompress de OpenEXR en el archivo OpenEXR/IlmImf/ImfHuf.cpp. Este fallo permite a un atacante que pueda enviar un archivo diseñado que sea procesado por OpenEXR, para desencadenar un... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25562 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20302
https://notcve.org/view.php?id=CVE-2021-20302
04 Mar 2022 — A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en la funcionalidad TiledInputFile de OpenEXR. Este fallo permite a un atacante que pueda enviar una imagen no diseñada de una sola parte para que sea procesada por OpenEXR, para desencadenar un error de exc... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25894 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20303
https://notcve.org/view.php?id=CVE-2021-20303
04 Mar 2022 — A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well. Un fallo encontrado en la función dataWindowForTile() del archivo IlmImf/ImfTiledMisc.cpp. Un atacante que sea capaz de enviar un archivo diseñado para ser proces... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3933 – Debian Security Advisory 5299-1
https://notcve.org/view.php?id=CVE-2021-3933
12 Nov 2021 — An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths. Podría producirse un desbordamiento de enteros cuando OpenEXR procesa un archivo diseñado en sistemas donde size_t es menor a 64 bits. Esto podría causar un valor no válido de bytesPerLine y maxBytesPerLine, lo que podría conllevar a problemas con la e... • https://bugzilla.redhat.com/show_bug.cgi?id=2019783 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-3598 – Debian Security Advisory 5299-1
https://notcve.org/view.php?id=CVE-2021-3598
06 Jul 2021 — There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. Se presenta un fallo en la funcionalidad ImfDeepScanLineInputFile de OpenEXR en versiones anteriores a 3.0.5. Un atacante que sea capaz de enviar un archivo diseñado a una aplicación enlazada con OpenEXR podría causar una lectura ... • https://bugzilla.redhat.com/show_bug.cgi?id=1970987 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3605 – Debian Security Advisory 5299-1
https://notcve.org/view.php?id=CVE-2021-3605
22 Jun 2021 — There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. Se presenta un fallo en la funcionalidad rleUncompress de OpenEXR en versiones anteriores a 3.0.5. Un atacante que sea capaz de enviar un archivo diseñado a una aplicación enlazada con OpenEXR podría causar una lectura fuera de límites. • https://bugzilla.redhat.com/show_bug.cgi?id=1970991 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •