Openexr

Openexr

54 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2021-20299

  • EPSS 0.17%
  • Veröffentlicht 16.03.2022 15:15:10
  • Zuletzt bearbeitet 21.11.2024 05:46:18

A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

7.1

CVE-2021-20302

  • EPSS 0.15%
  • Veröffentlicht 04.03.2022 18:15:07
  • Zuletzt bearbeitet 21.11.2024 05:46:18

A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerabilit...

7.1

CVE-2021-20300

  • EPSS 0.12%
  • Veröffentlicht 04.03.2022 18:15:07
  • Zuletzt bearbeitet 21.11.2024 05:46:18

A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerabilit...

6.1

CVE-2021-20303

  • EPSS 0.11%
  • Veröffentlicht 04.03.2022 18:15:07
  • Zuletzt bearbeitet 21.11.2024 05:46:19

A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact...

5.5

CVE-2021-45942

Exploit
  • EPSS 0.16%
  • Veröffentlicht 01.01.2022 01:15:09
  • Zuletzt bearbeitet 21.11.2024 06:33:19

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.

5.5

CVE-2021-3605

  • EPSS 0.08%
  • Veröffentlicht 25.08.2021 19:15:14
  • Zuletzt bearbeitet 21.11.2024 06:21:57

There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to appli...

5.5

CVE-2021-3598

Exploit
  • EPSS 0.03%
  • Veröffentlicht 06.07.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 06:21:56

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw ...

5.5

CVE-2021-26945

  • EPSS 0.31%
  • Veröffentlicht 08.06.2021 12:15:11
  • Zuletzt bearbeitet 21.11.2024 05:57:05

An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.

5.5

CVE-2021-26260

  • EPSS 0.09%
  • Veröffentlicht 08.06.2021 12:15:10
  • Zuletzt bearbeitet 21.11.2024 05:55:59

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.

5.5

CVE-2021-23215

  • EPSS 0.09%
  • Veröffentlicht 08.06.2021 12:15:10
  • Zuletzt bearbeitet 21.11.2024 05:51:23

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.