Openexr

Openexr

60 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2021-45942

Exploit
  • EPSS 0.18%
  • Veröffentlicht 01.01.2022 01:15:09
  • Zuletzt bearbeitet 21.11.2024 06:33:19

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.

5.5

CVE-2021-3605

  • EPSS 0.45%
  • Veröffentlicht 25.08.2021 19:15:14
  • Zuletzt bearbeitet 21.11.2024 06:21:57

There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to appli...

5.5

CVE-2021-3598

Exploit
  • EPSS 0.16%
  • Veröffentlicht 06.07.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 06:21:56

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw ...

5.5

CVE-2021-26945

  • EPSS 0.26%
  • Veröffentlicht 08.06.2021 12:15:11
  • Zuletzt bearbeitet 21.11.2024 05:57:05

An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.

5.5

CVE-2021-26260

  • EPSS 0.54%
  • Veröffentlicht 08.06.2021 12:15:10
  • Zuletzt bearbeitet 21.11.2024 05:55:59

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.

5.5

CVE-2021-23215

  • EPSS 0.11%
  • Veröffentlicht 08.06.2021 12:15:10
  • Zuletzt bearbeitet 21.11.2024 05:51:23

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.

8.8

CVE-2021-23169

  • EPSS 0.19%
  • Veröffentlicht 08.06.2021 12:15:10
  • Zuletzt bearbeitet 21.11.2024 05:51:19

A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.

5.3

CVE-2021-20296

  • EPSS 1.01%
  • Veröffentlicht 01.04.2021 14:15:13
  • Zuletzt bearbeitet 21.11.2024 05:46:18

A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat ...

5.5

CVE-2021-3478

  • EPSS 0.51%
  • Veröffentlicht 31.03.2021 14:15:21
  • Zuletzt bearbeitet 21.11.2024 06:21:38

There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system ava...

5.5

CVE-2021-3479

  • EPSS 0.48%
  • Veröffentlicht 31.03.2021 14:15:21
  • Zuletzt bearbeitet 21.11.2024 06:21:38

There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availabi...