openexr

Description: A high dynamic-range image file format library
Version: 3.3.2-1 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2107 | 2.4.0-7 | 2.4.1-1 | Medium | Fixed | |
| AVG-2071 | 3.0.4-1 | 3.0.5-1 | Medium | Fixed | |
| AVG-1862 | 2.5.5-1 | | Medium | Not affected | FS#70555 |
| AVG-1746 | 2.5.3-6 | 2.5.4-1 | Low | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-23169 | AVG-1862 | Medium | No | Arbitrary code execution | A buffer overflow security issue has been found in the exrcheck executable of the OpenEXR 3.0.0 beta release. The issue is fixed in OpenEXR 3.0.1. |
| CVE-2021-20296 | AVG-1746 | Low | No | Denial of service | A flaw was found in OpenEXR in versions before 2.5.4. A crafted input file supplied by an attacker that is processed by the Dwa decompression functionality... |
| CVE-2021-3605 | AVG-2107 | Medium | Yes | Arbitrary code execution | A heap-buffer overflow was found in the rleUncompress function of OpenEXR before version 2.4.1. An attacker could use this flaw to execute arbitrary code... |
| CVE-2021-3598 | AVG-2071 | Medium | Yes | Arbitrary code execution | A heap-buffer overflow was found in the readChars function of OpenEXR before version 3.0.5. An attacker could use this flaw to execute arbitrary code with... |
| CVE-2021-3479 | AVG-1746 | Low | No | Denial of service | There's a flaw in OpenEXR's Scanline API functionality in versions before 2.5.4. An attacker who is able to submit a crafted file to be processed by OpenEXR... |
| CVE-2021-3478 | AVG-1746 | Low | No | Denial of service | There's a flaw in OpenEXR's scanline input file functionality in versions before 2.5.4. An attacker able to submit a crafted file to be processed by OpenEXR... |
| CVE-2021-3477 | AVG-1746 | Low | No | Denial of service | There's a flaw in OpenEXR's deep tile sample size calculations in versions before 2.5.4. An attacker who is able to submit a crafted file to be processed by... |
| CVE-2021-3476 | AVG-1746 | Low | No | Denial of service | A flaw was found in OpenEXR's B44 uncompression functionality in versions before 2.5.4. An attacker who is able to submit a crafted file to OpenEXR could... |
| CVE-2021-3475 | AVG-1746 | Low | No | Denial of service | There is a flaw in OpenEXR in versions before 2.5.4. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow,... |
| CVE-2021-3474 | AVG-1746 | Low | No | Denial of service | There's a flaw in OpenEXR in versions before 2.5.4. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder,... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 06 Jul 2021 | ASA-202107-14 | AVG-2071 | Medium | arbitrary code execution |