Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
70 vulnerabilities by openexr
CVE-2026-34589 (GCVE-0-2026-34589)
Vulnerability from cvelistv5 – Published: 2026-04-06 15:33 – Updated: 2026-04-07 13:05
VLAI?
Title
OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write
Summary
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. For a large enough width, the calculation overflows and later decoder stores operate on a wrapped pointer outside the allocated rowBlock backing store. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AcademySoftwareFoundation | openexr |
Affected:
>= 3.2.0, < 3.2.7
Affected: >= 3.3.0, < 3.3.9 Affected: >= 3.4.0, < 3.4.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T03:56:05.730658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T13:05:41.117Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openexr",
"vendor": "AcademySoftwareFoundation",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.2.0, \u003c 3.2.7"
},
{
"status": "affected",
"version": "\u003e= 3.3.0, \u003c 3.3.9"
},
{
"status": "affected",
"version": "\u003e= 3.4.0, \u003c 3.4.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. For a large enough width, the calculation overflows and later decoder stores operate on a wrapped pointer outside the allocated rowBlock backing store. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T03:08:13.554Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-p8xc-w3q4-h64x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-p8xc-w3q4-h64x"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.7"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.9"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9"
}
],
"source": {
"advisory": "GHSA-p8xc-w3q4-h64x",
"discovery": "UNKNOWN"
},
"title": "OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34589",
"datePublished": "2026-04-06T15:33:03.276Z",
"dateReserved": "2026-03-30T17:15:52.498Z",
"dateUpdated": "2026-04-07T13:05:41.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34588 (GCVE-0-2026-34588)
Vulnerability from cvelistv5 – Published: 2026-04-06 15:31 – Updated: 2026-04-07 13:05
VLAI?
Title
OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write
Summary
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internal_exr_undo_piz() advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and wcount are int, a crafted EXR file can make this product overflow and wrap. The next channel then decodes from an incorrect address. The wavelet decode path operates in place, so this yields both out-of-bounds reads and out-of-bounds writes. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AcademySoftwareFoundation | openexr |
Affected:
>= 3.1.0, <= 3.1.13
Affected: >= 3.2.0, < 3.2.7 Affected: >= 3.3.0, < 3.3.9 Affected: >= 3.4.0, < 3.4.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T03:56:04.356566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T13:05:55.762Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openexr",
"vendor": "AcademySoftwareFoundation",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.1.0, \u003c= 3.1.13"
},
{
"status": "affected",
"version": "\u003e= 3.2.0, \u003c 3.2.7"
},
{
"status": "affected",
"version": "\u003e= 3.3.0, \u003c 3.3.9"
},
{
"status": "affected",
"version": "\u003e= 3.4.0, \u003c 3.4.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internal_exr_undo_piz() advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and wcount are int, a crafted EXR file can make this product overflow and wrap. The next channel then decodes from an incorrect address. The wavelet decode path operates in place, so this yields both out-of-bounds reads and out-of-bounds writes. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T03:07:58.463Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-588r-cr5c-w6hf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-588r-cr5c-w6hf"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.7"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.9"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9"
}
],
"source": {
"advisory": "GHSA-588r-cr5c-w6hf",
"discovery": "UNKNOWN"
},
"title": "OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34588",
"datePublished": "2026-04-06T15:31:57.602Z",
"dateReserved": "2026-03-30T16:56:30.999Z",
"dateUpdated": "2026-04-07T13:05:55.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34380 (GCVE-0-2026-34380)
Vulnerability from cvelistv5 – Published: 2026-04-06 15:22 – Updated: 2026-04-07 14:15
VLAI?
Title
OpenEXR has a signed integer overflow (undefined behavior) in undo_pxr24_impl may allow bounds-check bypass in PXR24 decompression
Summary
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a signed integer overflow exists in undo_pxr24_impl() in src/lib/OpenEXRCore/internal_pxr24.c at line 377. The expression (uint64_t)(w * 3) computes w * 3 as a signed 32-bit integer before casting to uint64_t. When w is large, this multiplication constitutes undefined behavior under the C standard. On tested builds (clang/gcc without sanitizers), two's-complement wraparound commonly occurs, and for specific values of w the wrapped result is a small positive integer, which may allow the subsequent bounds check to pass incorrectly. If the check is bypassed, the decoding loop proceeds to write pixel data through dout, potentially extending far beyond the allocated output buffer. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9.
Severity ?
5.9 (Medium)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AcademySoftwareFoundation | openexr |
Affected:
>= 3.2.0, < 3.2.7
Affected: >= 3.3.0, < 3.3.9 Affected: >= 3.4.0, < 3.4.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34380",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T14:12:54.907799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:15:07.727Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openexr",
"vendor": "AcademySoftwareFoundation",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.2.0, \u003c 3.2.7"
},
{
"status": "affected",
"version": "\u003e= 3.3.0, \u003c 3.3.9"
},
{
"status": "affected",
"version": "\u003e= 3.4.0, \u003c 3.4.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a signed integer overflow exists in undo_pxr24_impl() in src/lib/OpenEXRCore/internal_pxr24.c at line 377. The expression (uint64_t)(w * 3) computes w * 3 as a signed 32-bit integer before casting to uint64_t. When w is large, this multiplication constitutes undefined behavior under the C standard. On tested builds (clang/gcc without sanitizers), two\u0027s-complement wraparound commonly occurs, and for specific values of w the wrapped result is a small positive integer, which may allow the subsequent bounds check to pass incorrectly. If the check is bypassed, the decoding loop proceeds to write pixel data through dout, potentially extending far beyond the allocated output buffer. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T03:07:36.146Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-q3v8-hw4m-59w5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-q3v8-hw4m-59w5"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.7"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.9"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9"
}
],
"source": {
"advisory": "GHSA-q3v8-hw4m-59w5",
"discovery": "UNKNOWN"
},
"title": "OpenEXR has a signed integer overflow (undefined behavior) in undo_pxr24_impl may allow bounds-check bypass in PXR24 decompression"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34380",
"datePublished": "2026-04-06T15:22:40.198Z",
"dateReserved": "2026-03-27T13:43:14.370Z",
"dateUpdated": "2026-04-07T14:15:07.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34379 (GCVE-0-2026-34379)
Vulnerability from cvelistv5 – Published: 2026-04-06 15:21 – Updated: 2026-04-07 03:07
VLAI?
Title
OpenEXR has a misaligned write in LossyDctDecoder_execute leading to undefined behavior (DWA/DWAB decompression)
Summary
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoder_execute() in src/lib/OpenEXRCore/internal_dwa_decoder.h:749. When decoding a DWA or DWAB-compressed EXR file containing a FLOAT-type channel, the decoder performs an in-place HALF→FLOAT conversion by casting an unaligned uint8_t * row pointer to float * and writing through it. Because the row buffer may not be 4-byte aligned, this constitutes undefined behavior under the C standard and crashes immediately on architectures that enforce alignment (ARM, RISC-V, etc.). On x86 it is silently tolerated at runtime but remains exploitable via compiler optimizations that assume aligned access. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9.
Severity ?
7.1 (High)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AcademySoftwareFoundation | openexr |
Affected:
>= 3.2.0, < 3.2.7
Affected: >= 3.3.0, < 3.3.9 Affected: >= 3.4.0, < 3.4.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34379",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T18:38:21.966448Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T18:38:32.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openexr",
"vendor": "AcademySoftwareFoundation",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.2.0, \u003c 3.2.7"
},
{
"status": "affected",
"version": "\u003e= 3.3.0, \u003c 3.3.9"
},
{
"status": "affected",
"version": "\u003e= 3.4.0, \u003c 3.4.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoder_execute() in src/lib/OpenEXRCore/internal_dwa_decoder.h:749. When decoding a DWA or DWAB-compressed EXR file containing a FLOAT-type channel, the decoder performs an in-place HALF\u2192FLOAT conversion by casting an unaligned uint8_t * row pointer to float * and writing through it. Because the row buffer may not be 4-byte aligned, this constitutes undefined behavior under the C standard and crashes immediately on architectures that enforce alignment (ARM, RISC-V, etc.). On x86 it is silently tolerated at runtime but remains exploitable via compiler optimizations that assume aligned access. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-704",
"description": "CWE-704: Incorrect Type Conversion or Cast",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T03:07:14.371Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-w88v-vqhq-5p24",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-w88v-vqhq-5p24"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.7"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.9"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9"
}
],
"source": {
"advisory": "GHSA-w88v-vqhq-5p24",
"discovery": "UNKNOWN"
},
"title": "OpenEXR has a misaligned write in LossyDctDecoder_execute leading to undefined behavior (DWA/DWAB decompression)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34379",
"datePublished": "2026-04-06T15:21:06.556Z",
"dateReserved": "2026-03-27T13:43:14.370Z",
"dateUpdated": "2026-04-07T03:07:14.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34378 (GCVE-0-2026-34378)
Vulnerability from cvelistv5 – Published: 2026-04-06 15:19 – Updated: 2026-04-07 03:07
VLAI?
Title
OpenEXR has a signed integer overflow in generic_unpack() when parsing EXR files with crafted negative dataWindow.min.x
Summary
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overflow in generic_unpack(). By setting dataWindow.min.x to a large negative value, OpenEXRCore computes an enormous image width, which is later used in a signed integer multiplication that overflows, causing the process to terminate with SIGILL via UBSan. This vulnerability is fixed in 3.4.9.
Severity ?
6.5 (Medium)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AcademySoftwareFoundation | openexr |
Affected:
>= 3.4.0, < 3.4.9
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34378",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T15:33:07.546592Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T16:17:58.565Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openexr",
"vendor": "AcademySoftwareFoundation",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.4.0, \u003c 3.4.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overflow in generic_unpack(). By setting dataWindow.min.x to a large negative value, OpenEXRCore computes an enormous image width, which is later used in a signed integer multiplication that overflows, causing the process to terminate with SIGILL via UBSan. This vulnerability is fixed in 3.4.9."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T03:07:17.341Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-v76p-4qvv-vh4g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-v76p-4qvv-vh4g"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9"
}
],
"source": {
"advisory": "GHSA-v76p-4qvv-vh4g",
"discovery": "UNKNOWN"
},
"title": "OpenEXR has a signed integer overflow in generic_unpack() when parsing EXR files with crafted negative dataWindow.min.x"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34378",
"datePublished": "2026-04-06T15:19:34.871Z",
"dateReserved": "2026-03-27T13:43:14.370Z",
"dateUpdated": "2026-04-07T03:07:17.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34543 (GCVE-0-2026-34543)
Vulnerability from cvelistv5 – Published: 2026-04-01 20:56 – Updated: 2026-04-02 13:59
VLAI?
Title
OpenEXR: Heap information disclosure in PXR24 decompression via unchecked decompressed size (undo_pxr24_impl)
Summary
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data (information disclosure). This occurs under default settings; simply reading a malicious EXR file is sufficient to trigger the issue, without any user interaction. This issue has been patched in version 3.4.8.
Severity ?
CWE
- CWE-908 - Use of Uninitialized Resource
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AcademySoftwareFoundation | openexr |
Affected:
>= 3.4.0, < 3.4.8
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34543",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T13:59:28.075872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T13:59:31.393Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-vc68-257w-m432"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openexr",
"vendor": "AcademySoftwareFoundation",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.4.0, \u003c 3.4.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data (information disclosure). This occurs under default settings; simply reading a malicious EXR file is sufficient to trigger the issue, without any user interaction. This issue has been patched in version 3.4.8."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908: Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T20:56:18.776Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-vc68-257w-m432",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-vc68-257w-m432"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/commit/5f6d0aaa9e43802917af7db90f181e88e083d3b8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/commit/5f6d0aaa9e43802917af7db90f181e88e083d3b8"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.8"
}
],
"source": {
"advisory": "GHSA-vc68-257w-m432",
"discovery": "UNKNOWN"
},
"title": "OpenEXR: Heap information disclosure in PXR24 decompression via unchecked decompressed size (undo_pxr24_impl)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34543",
"datePublished": "2026-04-01T20:56:18.776Z",
"dateReserved": "2026-03-30T16:31:39.264Z",
"dateUpdated": "2026-04-02T13:59:31.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34544 (GCVE-0-2026-34544)
Vulnerability from cvelistv5 – Published: 2026-04-01 20:55 – Updated: 2026-04-02 18:02
VLAI?
Title
OpenEXR: integer overflow to OOB write in uncompress_b44_impl()
Summary
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via exr_decoding_run(). Consequences range from immediate crash (most likely) to corruption of adjacent heap allocations (layout-dependent). This issue has been patched in version 3.4.8.
Severity ?
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AcademySoftwareFoundation | openexr |
Affected:
>= 3.4.0, < 3.4.8
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34544",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T18:02:44.377306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:02:56.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openexr",
"vendor": "AcademySoftwareFoundation",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.4.0, \u003c 3.4.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via exr_decoding_run(). Consequences range from immediate crash (most likely) to corruption of adjacent heap allocations (layout-dependent). This issue has been patched in version 3.4.8."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T20:55:30.493Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-h762-rhv3-h25v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-h762-rhv3-h25v"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/commit/35e7aa35e22c1975606be86e859f31cc1fc598ee",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/commit/35e7aa35e22c1975606be86e859f31cc1fc598ee"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.8"
}
],
"source": {
"advisory": "GHSA-h762-rhv3-h25v",
"discovery": "UNKNOWN"
},
"title": "OpenEXR: integer overflow to OOB write in uncompress_b44_impl()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34544",
"datePublished": "2026-04-01T20:55:30.493Z",
"dateReserved": "2026-03-30T16:31:39.264Z",
"dateUpdated": "2026-04-02T18:02:56.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34545 (GCVE-0-2026-34545)
Vulnerability from cvelistv5 – Published: 2026-04-01 20:51 – Updated: 2026-04-03 19:47
VLAI?
Title
OpenEXR: integer overflow lead to OOB in HTJ2K decoder
Summary
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write controlled data beyond the output heap buffer in any application that decodes EXR images. The write primitive is 2 bytes per overflow iteration or 4 bytes (by another path), repeating for each additional pixel past the overflow point. In this context, a heap write overflow can lead to remote code execution on systems. This issue has been patched in version 3.4.7.
Severity ?
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AcademySoftwareFoundation | openexr |
Affected:
>= 3.4.0, < 3.4.7
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34545",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-03T19:46:42.924931Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T19:47:18.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openexr",
"vendor": "AcademySoftwareFoundation",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.4.0, \u003c 3.4.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write controlled data beyond the output heap buffer in any application that decodes EXR images. The write primitive is 2 bytes per overflow iteration or 4 bytes (by another path), repeating for each additional pixel past the overflow point. In this context, a heap write overflow can lead to remote code execution on systems. This issue has been patched in version 3.4.7."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T20:51:45.884Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-ghfj-fx47-wg97",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-ghfj-fx47-wg97"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/commit/3827998f5c041d6a94c6af24bbb363daa669e4b3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/commit/3827998f5c041d6a94c6af24bbb363daa669e4b3"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.7"
}
],
"source": {
"advisory": "GHSA-ghfj-fx47-wg97",
"discovery": "UNKNOWN"
},
"title": "OpenEXR: integer overflow lead to OOB in HTJ2K decoder"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34545",
"datePublished": "2026-04-01T20:51:45.884Z",
"dateReserved": "2026-03-30T16:31:39.264Z",
"dateUpdated": "2026-04-03T19:47:18.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27622 (GCVE-0-2026-27622)
Vulnerability from cvelistv5 – Published: 2026-03-03 22:42 – Updated: 2026-03-11 03:56
VLAI?
Title
OpenEXR CompositeDeepScanLine integer-overflow leads to heap OOB write
Summary
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector<unsigned int> total_sizes for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AcademySoftwareFoundation | openexr |
Affected:
>= 2.3.0, < 3.2.6
Affected: >= 3.3.0, < 3.3.8 Affected: >= 3.4.0, < 3.4.6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T03:56:39.168Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openexr",
"vendor": "AcademySoftwareFoundation",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c 3.2.6"
},
{
"status": "affected",
"version": "\u003e= 3.3.0, \u003c 3.3.8"
},
{
"status": "affected",
"version": "\u003e= 3.4.0, \u003c 3.4.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector\u003cunsigned int\u003e total_sizes for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T22:42:49.086Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-cr4v-6jm6-4963",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-cr4v-6jm6-4963"
}
],
"source": {
"advisory": "GHSA-cr4v-6jm6-4963",
"discovery": "UNKNOWN"
},
"title": "OpenEXR CompositeDeepScanLine integer-overflow leads to heap OOB write"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27622",
"datePublished": "2026-03-03T22:42:49.086Z",
"dateReserved": "2026-02-20T22:02:30.027Z",
"dateUpdated": "2026-03-11T03:56:39.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26981 (GCVE-0-2026-26981)
Vulnerability from cvelistv5 – Published: 2026-02-24 02:26 – Updated: 2026-02-24 20:03
VLAI?
Title
OpenEXR has heap-buffer-overflow via signed integer underflow in ImfContextInit.cpp
Summary
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow (OOB read) occurs in the `istream_nonparallel_read` function in `ImfContextInit.cpp` when parsing a malformed EXR file through a memory-mapped `IStream`. A signed integer subtraction produces a negative value that is implicitly converted to `size_t`, resulting in a massive length being passed to `memcpy`. Versions 3.3.7 and 3.4.5 contain a patch.
Severity ?
6.5 (Medium)
CWE
- CWE-195 - Signed to Unsigned Conversion Error
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AcademySoftwareFoundation | openexr |
Affected:
>= 3.3.0, < 3.3.7
Affected: >= 3.4.0, < 3.4.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26981",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-24T19:50:34.463990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T20:03:54.667Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openexr",
"vendor": "AcademySoftwareFoundation",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.3.0, \u003c 3.3.7"
},
{
"status": "affected",
"version": "\u003e= 3.4.0, \u003c 3.4.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow (OOB read) occurs in the `istream_nonparallel_read` function in `ImfContextInit.cpp` when parsing a malformed EXR file through a memory-mapped `IStream`. A signed integer subtraction produces a negative value that is implicitly converted to `size_t`, resulting in a massive length being passed to `memcpy`. Versions 3.3.7 and 3.4.5 contain a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-195",
"description": "CWE-195: Signed to Unsigned Conversion Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T02:26:16.659Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-q6vj-wxvf-5m8c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-q6vj-wxvf-5m8c"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/commit/6bb2ddf1068573d073edf81270a015b38cc05cef",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/commit/6bb2ddf1068573d073edf81270a015b38cc05cef"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/commit/d2be382758adc3e9ab83a3de35138ec28d93ebd8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/commit/d2be382758adc3e9ab83a3de35138ec28d93ebd8"
}
],
"source": {
"advisory": "GHSA-q6vj-wxvf-5m8c",
"discovery": "UNKNOWN"
},
"title": "OpenEXR has heap-buffer-overflow via signed integer underflow in ImfContextInit.cpp"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26981",
"datePublished": "2026-02-24T02:26:16.659Z",
"dateReserved": "2026-02-17T01:41:24.605Z",
"dateUpdated": "2026-02-24T20:03:54.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12840 (GCVE-0-2025-12840)
Vulnerability from cvelistv5 – Published: 2025-12-23 21:41 – Updated: 2025-12-24 16:04
VLAI?
Title
Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Summary
Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of EXR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27948.
Severity ?
7.8 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Academy Software Foundation | OpenEXR |
Affected:
3.4.0
|
Date Public ?
2025-11-11 23:26
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12840",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-24T16:03:57.223598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T16:04:03.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "OpenEXR",
"vendor": "Academy Software Foundation",
"versions": [
{
"status": "affected",
"version": "3.4.0"
}
]
}
],
"dateAssigned": "2025-11-06T20:09:25.153Z",
"datePublic": "2025-11-11T23:26:33.066Z",
"descriptions": [
{
"lang": "en",
"value": "Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of EXR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27948."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T21:41:45.445Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-991",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-991/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-12840",
"datePublished": "2025-12-23T21:41:45.445Z",
"dateReserved": "2025-11-06T20:09:25.122Z",
"dateUpdated": "2025-12-24T16:04:03.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12839 (GCVE-0-2025-12839)
Vulnerability from cvelistv5 – Published: 2025-12-23 21:41 – Updated: 2025-12-24 16:04
VLAI?
Title
Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Summary
Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of EXR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27947.
Severity ?
7.8 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Academy Software Foundation | OpenEXR |
Affected:
3.4.0
|
Date Public ?
2025-11-11 23:26
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12839",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-24T16:04:28.394239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T16:04:35.072Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "OpenEXR",
"vendor": "Academy Software Foundation",
"versions": [
{
"status": "affected",
"version": "3.4.0"
}
]
}
],
"dateAssigned": "2025-11-06T20:09:10.115Z",
"datePublic": "2025-11-11T23:26:14.649Z",
"descriptions": [
{
"lang": "en",
"value": "Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of EXR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27947."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T21:41:37.030Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-990",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-990/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-12839",
"datePublished": "2025-12-23T21:41:37.030Z",
"dateReserved": "2025-11-06T20:09:10.080Z",
"dateUpdated": "2025-12-24T16:04:35.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12495 (GCVE-0-2025-12495)
Vulnerability from cvelistv5 – Published: 2025-12-23 21:41 – Updated: 2025-12-24 16:05
VLAI?
Title
Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Summary
Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of EXR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27946.
Severity ?
7.8 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Academy Software Foundation | OpenEXR |
Affected:
3.4.0
|
Date Public ?
2025-11-11 23:25
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12495",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-24T16:04:58.635162Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T16:05:06.561Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "OpenEXR",
"vendor": "Academy Software Foundation",
"versions": [
{
"status": "affected",
"version": "3.4.0"
}
]
}
],
"dateAssigned": "2025-10-29T21:07:30.503Z",
"datePublic": "2025-11-11T23:25:58.560Z",
"descriptions": [
{
"lang": "en",
"value": "Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of EXR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27946."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T21:41:27.753Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-989",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-989/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-12495",
"datePublished": "2025-12-23T21:41:27.753Z",
"dateReserved": "2025-10-29T21:07:29.841Z",
"dateUpdated": "2025-12-24T16:05:06.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64183 (GCVE-0-2025-64183)
Vulnerability from cvelistv5 – Published: 2025-11-10 21:29 – Updated: 2025-11-14 18:38
VLAI?
Title
OpenEXR has use after free in PyObject_StealAttrString
Summary
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, there is a use-after-free in PyObject_StealAttrString of pyOpenEXR_old.cpp. The legacy adapter defines PyObject_StealAttrString that calls PyObject_GetAttrString to obtain a new reference, immediately decrefs it, and returns the pointer. Callers then pass this dangling pointer to APIs like PyLong_AsLong/PyFloat_AsDouble, resulting in a use-after-free. This is invoked in multiple places (e.g., reading PixelType.v, Box2i, V2f, etc.) Versions 3.2.5, 3.3.6, and 3.4.3 fix the issue.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AcademySoftwareFoundation | openexr |
Affected:
>= 3.2.0, < 3.2.5
Affected: >= 3.3.0, < 3.3.6 Affected: >= 3.4.0, < 3.4.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64183",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-14T18:38:28.928677Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T18:38:32.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-57cw-j6vp-2p9m"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openexr",
"vendor": "AcademySoftwareFoundation",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.2.0, \u003c 3.2.5"
},
{
"status": "affected",
"version": "\u003e= 3.3.0, \u003c 3.3.6"
},
{
"status": "affected",
"version": "\u003e= 3.4.0, \u003c 3.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, there is a use-after-free in PyObject_StealAttrString of pyOpenEXR_old.cpp. The legacy adapter defines PyObject_StealAttrString that calls PyObject_GetAttrString to obtain a new reference, immediately decrefs it, and returns the pointer. Callers then pass this dangling pointer to APIs like PyLong_AsLong/PyFloat_AsDouble, resulting in a use-after-free. This is invoked in multiple places (e.g., reading PixelType.v, Box2i, V2f, etc.) Versions 3.2.5, 3.3.6, and 3.4.3 fix the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T21:29:54.234Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-57cw-j6vp-2p9m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-57cw-j6vp-2p9m"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/blob/b3a19903db0672c63055023aa788e592b16ec3c5/src/wrappers/python/PyOpenEXR_old.cpp#L109-L115",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/blob/b3a19903db0672c63055023aa788e592b16ec3c5/src/wrappers/python/PyOpenEXR_old.cpp#L109-L115"
}
],
"source": {
"advisory": "GHSA-57cw-j6vp-2p9m",
"discovery": "UNKNOWN"
},
"title": "OpenEXR has use after free in PyObject_StealAttrString"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64183",
"datePublished": "2025-11-10T21:29:54.234Z",
"dateReserved": "2025-10-28T21:07:16.440Z",
"dateUpdated": "2025-11-14T18:38:32.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64182 (GCVE-0-2025-64182)
Vulnerability from cvelistv5 – Published: 2025-11-10 21:27 – Updated: 2025-11-14 19:22
VLAI?
Title
OpenEXR has buffer overflow in PyOpenEXR_old's channels() and channel()
Summary
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, a memory safety bug in the legacy OpenEXR Python adapter (the deprecated OpenEXR.InputFile wrapper) allow crashes and likely code execution when opening attacker-controlled EXR files or when passing crafted Python objects. Integer overflow and unchecked allocation in InputFile.channel() and InputFile.channels() can lead to heap overflow (32 bit) or a NULL deref (64 bit). Versions 3.2.5, 3.3.6, and 3.4.3 contain a patch for the issue.
Severity ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AcademySoftwareFoundation | openexr |
Affected:
>= 3.2.0, < 3.2.5
Affected: >= 3.3.0, < 3.3.6 Affected: >= 3.4.0, < 3.4.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64182",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-14T19:22:55.353355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T19:22:58.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-vh63-9mqx-wmjr"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openexr",
"vendor": "AcademySoftwareFoundation",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.2.0, \u003c 3.2.5"
},
{
"status": "affected",
"version": "\u003e= 3.3.0, \u003c 3.3.6"
},
{
"status": "affected",
"version": "\u003e= 3.4.0, \u003c 3.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, a memory safety bug in the legacy OpenEXR Python adapter (the deprecated OpenEXR.InputFile wrapper) allow crashes and likely code execution when opening attacker-controlled EXR files or when passing crafted Python objects. Integer overflow and unchecked allocation in InputFile.channel() and InputFile.channels() can lead to heap overflow (32 bit) or a NULL deref (64 bit). Versions 3.2.5, 3.3.6, and 3.4.3 contain a patch for the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T21:27:21.176Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-vh63-9mqx-wmjr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-vh63-9mqx-wmjr"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/blob/b3a19903db0672c63055023aa788e592b16ec3c5/src/wrappers/python/PyOpenEXR_old.cpp#L528-L536",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/blob/b3a19903db0672c63055023aa788e592b16ec3c5/src/wrappers/python/PyOpenEXR_old.cpp#L528-L536"
}
],
"source": {
"advisory": "GHSA-vh63-9mqx-wmjr",
"discovery": "UNKNOWN"
},
"title": "OpenEXR has buffer overflow in PyOpenEXR_old\u0027s channels() and channel()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64182",
"datePublished": "2025-11-10T21:27:21.176Z",
"dateReserved": "2025-10-28T21:07:16.440Z",
"dateUpdated": "2025-11-14T19:22:58.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64181 (GCVE-0-2025-64181)
Vulnerability from cvelistv5 – Published: 2025-11-10 21:23 – Updated: 2025-11-12 21:05
VLAI?
Title
OpenEXR Makes Use of Uninitialized Memory
Summary
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing `openexr_exrcheck_fuzzer`, Valgrind reports a conditional branch depending on uninitialized data inside `generic_unpack`. This indicates a use of uninitialized memory. The issue can result in undefined behavior and/or a potential crash/denial of service. Versions 3.3.6 and 3.4.3 fix the issue.
Severity ?
CWE
- CWE-457 - Use of Uninitialized Variable
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AcademySoftwareFoundation | openexr |
Affected:
>= 3.3.0, < 3.3.6
Affected: >= 3.4.0, < 3.4.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64181",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T17:36:24.461719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T21:05:26.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-3h9h-qfvw-98hq"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openexr",
"vendor": "AcademySoftwareFoundation",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.3.0, \u003c 3.3.6"
},
{
"status": "affected",
"version": "\u003e= 3.4.0, \u003c 3.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing `openexr_exrcheck_fuzzer`, Valgrind reports a conditional branch depending on uninitialized data inside `generic_unpack`. This indicates a use of uninitialized memory. The issue can result in undefined behavior and/or a potential crash/denial of service. Versions 3.3.6 and 3.4.3 fix the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457: Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T21:23:04.248Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-3h9h-qfvw-98hq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-3h9h-qfvw-98hq"
},
{
"name": "https://github.com/user-attachments/files/23024726/archive0.zip",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/user-attachments/files/23024726/archive0.zip"
},
{
"name": "https://github.com/user-attachments/files/23024736/archive1.zip",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/user-attachments/files/23024736/archive1.zip"
},
{
"name": "https://github.com/user-attachments/files/23024740/archive2.zip",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/user-attachments/files/23024740/archive2.zip"
},
{
"name": "https://github.com/user-attachments/files/23024744/archive3.zip",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/user-attachments/files/23024744/archive3.zip"
},
{
"name": "https://github.com/user-attachments/files/23024746/archive4.zip",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/user-attachments/files/23024746/archive4.zip"
}
],
"source": {
"advisory": "GHSA-3h9h-qfvw-98hq",
"discovery": "UNKNOWN"
},
"title": "OpenEXR Makes Use of Uninitialized Memory"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64181",
"datePublished": "2025-11-10T21:23:04.248Z",
"dateReserved": "2025-10-28T21:07:16.440Z",
"dateUpdated": "2025-11-12T21:05:26.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48074 (GCVE-0-2025-48074)
Vulnerability from cvelistv5 – Published: 2025-08-01 16:32 – Updated: 2025-08-01 17:09
VLAI?
Title
OpenEXR's Unbounded File Header Values can Lead to Out-Of-Memory Errors
Summary
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance degradation when processing malicious files. This is fixed in version 3.3.3.
Severity ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AcademySoftwareFoundation | openexr |
Affected:
>= 3.3.2, < 3.3.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48074",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-01T17:07:14.465806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T17:09:00.696Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openexr",
"vendor": "AcademySoftwareFoundation",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.3.2, \u003c 3.3.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance degradation when processing malicious files. This is fixed in version 3.3.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T16:32:54.595Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-x22w-82jp-8rvf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-x22w-82jp-8rvf"
},
{
"name": "https://github.com/ShielderSec/poc/tree/main/CVE-2025-48074",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ShielderSec/poc/tree/main/CVE-2025-48074"
}
],
"source": {
"advisory": "GHSA-x22w-82jp-8rvf",
"discovery": "UNKNOWN"
},
"title": "OpenEXR\u0027s Unbounded File Header Values can Lead to Out-Of-Memory Errors"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48074",
"datePublished": "2025-08-01T16:32:54.595Z",
"dateReserved": "2025-05-15T16:06:40.942Z",
"dateUpdated": "2025-08-01T17:09:00.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48073 (GCVE-0-2025-48073)
Vulnerability from cvelistv5 – Published: 2025-07-31 20:25 – Updated: 2025-07-31 20:36
VLAI?
Title
OpenEXR ScanLineProcess::run_fill NULL Pointer Write In "reduceMemory" Mode
Summary
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a NULL pointer dereference in a write operation. This is fixed in version 3.3.3.
Severity ?
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AcademySoftwareFoundation | openexr |
Affected:
>= 3.3.2, < 3.3.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48073",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T20:36:29.115716Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T20:36:41.060Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openexr",
"vendor": "AcademySoftwareFoundation",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.3.2, \u003c 3.3.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a NULL pointer dereference in a write operation. This is fixed in version 3.3.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T20:25:51.545Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-qhpm-86v7-phmm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-qhpm-86v7-phmm"
},
{
"name": "https://github.com/ShielderSec/poc/tree/main/CVE-2025-48073",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ShielderSec/poc/tree/main/CVE-2025-48073"
}
],
"source": {
"advisory": "GHSA-qhpm-86v7-phmm",
"discovery": "UNKNOWN"
},
"title": "OpenEXR ScanLineProcess::run_fill NULL Pointer Write In \"reduceMemory\" Mode"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48073",
"datePublished": "2025-07-31T20:25:51.545Z",
"dateReserved": "2025-05-15T16:06:40.942Z",
"dateUpdated": "2025-07-31T20:36:41.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48072 (GCVE-0-2025-48072)
Vulnerability from cvelistv5 – Published: 2025-07-31 20:18 – Updated: 2025-07-31 20:37
VLAI?
Title
OpenEXR's Inaccurate Pointer Arithmetic can Cause an Out of Bounds Heap
Summary
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR files with a maliciously forged chunk. This is fixed in version 3.3.3.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AcademySoftwareFoundation | openexr |
Affected:
>= 3.3.2, < 3.3.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48072",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T20:37:11.233759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T20:37:21.287Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openexr",
"vendor": "AcademySoftwareFoundation",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.3.2, \u003c 3.3.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR files with a maliciously forged chunk. This is fixed in version 3.3.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T20:18:40.598Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-4r7w-q3jg-ff43",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-4r7w-q3jg-ff43"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/commit/2d09449427b13a05f7c31a98ab2c4347c23db361",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/commit/2d09449427b13a05f7c31a98ab2c4347c23db361"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.3"
}
],
"source": {
"advisory": "GHSA-4r7w-q3jg-ff43",
"discovery": "UNKNOWN"
},
"title": "OpenEXR\u0027s Inaccurate Pointer Arithmetic can Cause an Out of Bounds Heap"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48072",
"datePublished": "2025-07-31T20:18:40.598Z",
"dateReserved": "2025-05-15T16:06:40.942Z",
"dateUpdated": "2025-07-31T20:37:21.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48071 (GCVE-0-2025-48071)
Vulnerability from cvelistv5 – Published: 2025-07-31 20:13 – Updated: 2025-07-31 20:22
VLAI?
Title
OpenEXR's Forged Unpacked Size can Lead to Heap-Based Buffer Overflow in Deep Scanline Parsing
Summary
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. This is fixed in version 3.3.3.
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AcademySoftwareFoundation | openexr |
Affected:
>= 3.3.0, < 3.3.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48071",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T20:22:12.430398Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T20:22:23.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openexr",
"vendor": "AcademySoftwareFoundation",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.3.0, \u003c 3.3.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. This is fixed in version 3.3.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T20:13:14.436Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-h45x-qhg2-q375",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-h45x-qhg2-q375"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/commit/916cc729e24aa16b86d82813f6e136340ab2876f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/commit/916cc729e24aa16b86d82813f6e136340ab2876f"
},
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.3"
}
],
"source": {
"advisory": "GHSA-h45x-qhg2-q375",
"discovery": "UNKNOWN"
},
"title": "OpenEXR\u0027s Forged Unpacked Size can Lead to Heap-Based Buffer Overflow in Deep Scanline Parsing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48071",
"datePublished": "2025-07-31T20:13:14.436Z",
"dateReserved": "2025-05-15T16:06:40.941Z",
"dateUpdated": "2025-07-31T20:22:23.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31047 (GCVE-0-2024-31047)
Vulnerability from cvelistv5 – Published: 2024-04-08 00:00 – Updated: 2024-08-02 01:46
VLAI?
Summary
An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp.
Severity ?
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openexr:openexr:3.2.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "openexr",
"vendor": "openexr",
"versions": [
{
"status": "affected",
"version": "3.2.3"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31047",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T15:15:59.913143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T19:12:26.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:46:04.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/issues/1680"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T22:54:26.791Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/AcademySoftwareFoundation/openexr/issues/1680"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-31047",
"datePublished": "2024-04-08T00:00:00.000Z",
"dateReserved": "2024-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-02T01:46:04.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5841 (GCVE-0-2023-5841)
Vulnerability from cvelistv5 – Published: 2024-02-01 18:28 – Updated: 2025-11-04 16:10
VLAI?
Title
OpenEXR Heap Overflow in Scanline Deep Data Parsing
Summary
Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.
Severity ?
9.1 (Critical)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Academy Software Foundation | OpenEXR |
Affected:
0 , ≤ 3.2.1
(semver)
Unaffected: 3.2.2 Unaffected: 3.1.12 |
Date Public ?
2024-01-31 22:35
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:10:52.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://takeonme.org/cves/CVE-2023-5841.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Sep/36"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Sep/34"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Sep/32"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-5841",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T15:17:50.765495Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T15:18:17.317Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenEXR",
"vendor": "Academy Software Foundation",
"versions": [
{
"lessThanOrEqual": "3.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "3.2.2"
},
{
"status": "unaffected",
"version": "3.1.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "zenofex"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "WanderingGlitch"
},
{
"lang": "en",
"type": "coordinator",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Austin Hackers Anonymous!"
}
],
"datePublic": "2024-01-31T22:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX\u0026nbsp;image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ev3.2.2 and v3.1.12 of the affected library.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX\u00a0image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions\u00a0v3.2.2 and v3.1.12 of the affected library."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-25T02:06:23.585Z",
"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"shortName": "AHA"
},
"references": [
{
"url": "https://takeonme.org/cves/CVE-2023-5841.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "OpenEXR Heap Overflow in Scanline Deep Data Parsing",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"assignerShortName": "AHA",
"cveId": "CVE-2023-5841",
"datePublished": "2024-02-01T18:28:05.892Z",
"dateReserved": "2023-10-29T23:41:19.153Z",
"dateUpdated": "2025-11-04T16:10:52.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-20304 (GCVE-0-2021-20304)
Vulnerability from cvelistv5 – Published: 2022-08-23 00:00 – Updated: 2024-08-03 17:37
VLAI?
Summary
A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability.
Severity ?
No CVSS data available.
CWE
- CWE-190 - - Integer Overflow or Wraparound
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26229"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/pull/849"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/commit/51a92d67f53c08230734e74564c807043cbfe41e"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939157"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-20304"
},
{
"name": "GLSA-202210-31",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenEXR",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in OpenEXR 3.0.0-beta"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in OpenEXR\u0027s hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 - Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-31T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26229"
},
{
"url": "https://github.com/AcademySoftwareFoundation/openexr/pull/849"
},
{
"url": "https://github.com/AcademySoftwareFoundation/openexr/commit/51a92d67f53c08230734e74564c807043cbfe41e"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939157"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-20304"
},
{
"name": "GLSA-202210-31",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-31"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20304",
"datePublished": "2022-08-23T00:00:00.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:37:23.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20298 (GCVE-0-2021-20298)
Vulnerability from cvelistv5 – Published: 2022-08-23 00:00 – Updated: 2024-08-03 17:37
VLAI?
Summary
A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.
Severity ?
No CVSS data available.
CWE
- CWE-400 - - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25913"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/pull/843"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/commit/85fd638ae0d5fa132434f4cbf32590261c1dba97"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939156"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-20298"
},
{
"name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenEXR",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in OpenEXR 3.0.0-beta"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in OpenEXR\u0027s B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 - Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25913"
},
{
"url": "https://github.com/AcademySoftwareFoundation/openexr/pull/843"
},
{
"url": "https://github.com/AcademySoftwareFoundation/openexr/commit/85fd638ae0d5fa132434f4cbf32590261c1dba97"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939156"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-20298"
},
{
"name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20298",
"datePublished": "2022-08-23T00:00:00.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:37:23.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3941 (GCVE-0-2021-3941)
Vulnerability from cvelistv5 – Published: 2022-03-25 00:00 – Updated: 2024-08-03 17:09
VLAI?
Summary
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019789"
},
{
"name": "FEDORA-2022-18e14f460c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN/"
},
{
"name": "GLSA-202210-31",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-31"
},
{
"name": "DSA-5299",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5299"
},
{
"name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openexr",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "OpenEXR 3.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019789"
},
{
"name": "FEDORA-2022-18e14f460c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN/"
},
{
"name": "GLSA-202210-31",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-31"
},
{
"name": "DSA-5299",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5299"
},
{
"name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3941",
"datePublished": "2022-03-25T00:00:00.000Z",
"dateReserved": "2021-11-09T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:09:09.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3933 (GCVE-0-2021-3933)
Vulnerability from cvelistv5 – Published: 2022-03-25 00:00 – Updated: 2024-08-03 17:09
VLAI?
Summary
An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019783"
},
{
"name": "FEDORA-2022-18e14f460c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN/"
},
{
"name": "GLSA-202210-31",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-31"
},
{
"name": "DSA-5299",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5299"
},
{
"name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openexr",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "OpenEXR 3.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t \u003c 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019783"
},
{
"name": "FEDORA-2022-18e14f460c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN/"
},
{
"name": "GLSA-202210-31",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-31"
},
{
"name": "DSA-5299",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5299"
},
{
"name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3933",
"datePublished": "2022-03-25T00:00:00.000Z",
"dateReserved": "2021-11-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:09:09.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20299 (GCVE-0-2021-20299)
Vulnerability from cvelistv5 – Published: 2022-03-16 00:00 – Updated: 2024-08-03 17:37
VLAI?
Summary
A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.
Severity ?
No CVSS data available.
CWE
- CWE-476 - (NULL Pointer Dereference)
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25740"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/commit/25e9515b06a6bc293d871622b8cafaee7af84e0f"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939154"
},
{
"name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenEXR",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affected before v2.5.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in OpenEXR\u0027s Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 (NULL Pointer Dereference)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25740"
},
{
"url": "https://github.com/AcademySoftwareFoundation/openexr/commit/25e9515b06a6bc293d871622b8cafaee7af84e0f"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939154"
},
{
"name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20299",
"datePublished": "2022-03-16T00:00:00.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:37:23.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20300 (GCVE-0-2021-20300)
Vulnerability from cvelistv5 – Published: 2022-03-04 00:00 – Updated: 2024-08-03 17:37
VLAI?
Summary
A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability.
Severity ?
No CVSS data available.
CWE
- CWE-190 - - Integer Overflow or Wraparound
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939153"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25562"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/pull/836"
},
{
"name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenEXR",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in v2.5.4 and beyond."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in OpenEXR\u0027s hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 - Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939153"
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25562"
},
{
"url": "https://github.com/AcademySoftwareFoundation/openexr/pull/836"
},
{
"name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20300",
"datePublished": "2022-03-04T00:00:00.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:37:23.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20303 (GCVE-0-2021-20303)
Vulnerability from cvelistv5 – Published: 2022-03-04 00:00 – Updated: 2024-08-03 17:37
VLAI?
Summary
A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.
Severity ?
No CVSS data available.
CWE
- CWE-190 - - Integer Overflow or Wraparound, CWE-787 - Out-of-bounds Write
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939151"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/pull/831"
},
{
"name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenEXR",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in v2.5.4 and beyond."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 - Integer Overflow or Wraparound, CWE-787 - Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939151"
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505"
},
{
"url": "https://github.com/AcademySoftwareFoundation/openexr/pull/831"
},
{
"name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20303",
"datePublished": "2022-03-04T00:00:00.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:37:23.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20302 (GCVE-0-2021-20302)
Vulnerability from cvelistv5 – Published: 2022-03-04 00:00 – Updated: 2024-08-03 17:37
VLAI?
Summary
A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability.
Severity ?
No CVSS data available.
CWE
- CWE-20 - - Improper Input Validation
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939161"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25894"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/pull/842"
},
{
"name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenEXR",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in v2.5.4 and beyond."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in OpenEXR\u0027s TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 - Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939161"
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25894"
},
{
"url": "https://github.com/AcademySoftwareFoundation/openexr/pull/842"
},
{
"name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20302",
"datePublished": "2022-03-04T00:00:00.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:37:23.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}