Vulnerabilities > Openexr

DATE CVE VULNERABILITY TITLE RISK
2022-03-25 CVE-2021-3933 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits.
4.3
2022-03-25 CVE-2021-3941 Divide By Zero vulnerability in multiple products
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value.
local
low complexity
openexr redhat fedoraproject CWE-369
2.1
2022-03-16 CVE-2021-20299 NULL Pointer Dereference vulnerability in Openexr
A flaw was found in OpenEXR's Multipart input file functionality.
network
openexr CWE-476
4.3
2022-03-04 CVE-2021-20300 Integer Overflow or Wraparound vulnerability in Openexr
A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp.
network
openexr CWE-190
7.1
2022-03-04 CVE-2021-20302 Unspecified vulnerability in Openexr
A flaw was found in OpenEXR's TiledInputFile functionality.
network
openexr
7.1
2022-03-04 CVE-2021-20303 Integer Overflow or Wraparound vulnerability in Openexr
A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp.
network
openexr CWE-190
5.8
2022-01-01 CVE-2021-45942 Out-of-bounds Write vulnerability in multiple products
OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask).
4.3
2021-08-25 CVE-2021-3605 Out-of-bounds Read vulnerability in multiple products
There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5.
4.3
2021-07-06 CVE-2021-3598 Out-of-bounds Read vulnerability in multiple products
There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5.
local
low complexity
openexr redhat CWE-125
2.1
2021-06-08 CVE-2021-23169 Out-of-bounds Write vulnerability in multiple products
A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1.
6.8