Openexr Openexr

Do you want an email whenever new security vulnerabilities are reported in Openexr?

By the Year

In 2021 there have been 13 vulnerabilities in Openexr with an average score of 5.7 out of ten. Last year Openexr had 12 security vulnerabilities published. That is, 1 more vulnerability have already been reported in 2021 as compared to last year. However, the average CVE base score of the vulnerabilities in 2021 is greater by 0.19.

Year Vulnerabilities Average Score
2021 13 5.69
2020 12 5.50
2019 0 0.00
2018 0 0.00

It may take a day or so for new Openexr vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Openexr Security Vulnerabilities

There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5

CVE-2021-3605 5.5 - Medium - August 25, 2021

There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

Out-of-bounds Read

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5

CVE-2021-3598 5.5 - Medium - July 06, 2021

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

Buffer Overflow

A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1

CVE-2021-23169 8.8 - High - June 08, 2021

A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.

Memory Corruption

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1

CVE-2021-23215 5.5 - Medium - June 08, 2021

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.

Integer Overflow or Wraparound

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1

CVE-2021-26260 5.5 - Medium - June 08, 2021

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.

Integer underflow

An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1

CVE-2021-26945 5.5 - Medium - June 08, 2021

An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.

Integer underflow

A flaw was found in OpenEXR in versions before 3.0.0-beta

CVE-2021-20296 5.3 - Medium - April 01, 2021

A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

NULL Pointer Dereference

There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta

CVE-2021-3479 5.5 - Medium - March 31, 2021

There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.

Resource Exhaustion

There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta

CVE-2021-3478 5.5 - Medium - March 31, 2021

There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.

Resource Exhaustion

There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta

CVE-2021-3477 5.5 - Medium - March 31, 2021

There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.

Out-of-bounds Read

A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta

CVE-2021-3476 5.3 - Medium - March 30, 2021

A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.

Integer Overflow or Wraparound

There is a flaw in OpenEXR in versions before 3.0.0-beta

CVE-2021-3475 5.3 - Medium - March 30, 2021

There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.

Integer Overflow or Wraparound

There's a flaw in OpenEXR in versions before 3.0.0-beta

CVE-2021-3474 5.3 - Medium - March 30, 2021

There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.

Integer Overflow or Wraparound

A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp

CVE-2020-16587 5.5 - Medium - December 09, 2020

A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.

Memory Corruption

An issue was discovered in OpenEXR before v2.5.2

CVE-2020-15306 5.5 - Medium - June 26, 2020

An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.

Memory Corruption

An issue was discovered in OpenEXR before 2.5.2

CVE-2020-15305 5.5 - Medium - June 26, 2020

An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.

Dangling pointer

An issue was discovered in OpenEXR before 2.5.2

CVE-2020-15304 5.5 - Medium - June 26, 2020

An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.

NULL Pointer Dereference

An issue was discovered in OpenEXR before 2.4.1

CVE-2020-11763 5.5 - Medium - April 14, 2020

An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.

Out-of-bounds Read

An issue was discovered in OpenEXR before 2.4.1

CVE-2020-11765 5.5 - Medium - April 14, 2020

An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.

off-by-five

An issue was discovered in OpenEXR before 2.4.1

CVE-2020-11764 5.5 - Medium - April 14, 2020

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.

Memory Corruption

An issue was discovered in OpenEXR before 2.4.1

CVE-2020-11762 5.5 - Medium - April 14, 2020

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.

Out-of-bounds Read

An issue was discovered in OpenEXR before 2.4.1

CVE-2020-11761 5.5 - Medium - April 14, 2020

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.

Out-of-bounds Read

An issue was discovered in OpenEXR before 2.4.1

CVE-2020-11760 5.5 - Medium - April 14, 2020

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.

Out-of-bounds Read

An issue was discovered in OpenEXR before 2.4.1

CVE-2020-11759 5.5 - Medium - April 14, 2020

An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.

Integer Overflow or Wraparound

An issue was discovered in OpenEXR before 2.4.1

CVE-2020-11758 5.5 - Medium - April 14, 2020

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.

Out-of-bounds Read

In OpenEXR 2.2.0

CVE-2017-12596 7.8 - High - August 07, 2017

In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.

Out-of-bounds Read

In OpenEXR 2.2.0

CVE-2017-9110 6.5 - Medium - May 21, 2017

In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.

In OpenEXR 2.2.0

CVE-2017-9116 6.5 - Medium - May 21, 2017

In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.

In OpenEXR 2.2.0

CVE-2017-9115 8.8 - High - May 21, 2017

In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.

In OpenEXR 2.2.0

CVE-2017-9114 6.5 - Medium - May 21, 2017

In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.

In OpenEXR 2.2.0

CVE-2017-9113 8.8 - High - May 21, 2017

In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.

In OpenEXR 2.2.0

CVE-2017-9112 6.5 - Medium - May 21, 2017

In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.

In OpenEXR 2.2.0

CVE-2017-9111 8.8 - High - May 21, 2017

In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Openexr or by Openexr? Click the Watch button to subscribe.

Openexr
Vendor

Openexr
Product

subscribe