Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 52 results


CVE-2024-31047

Medium priority
Needs evaluation

An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp.

1 affected packages

openexr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openexr Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-5841

Medium priority
Needs evaluation

Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer...

1 affected packages

openexr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openexr Needs evaluation Not affected Not affected Not affected Not affected
Show less packages

CVE-2021-20304

Negligible priority
Needs evaluation

A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is...

1 affected packages

openexr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openexr Not affected Not affected Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-20298

Negligible priority
Needs evaluation

A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is...

1 affected packages

openexr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openexr Not affected Not affected Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-20299

Negligible priority
Vulnerable

A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

1 affected packages

openexr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openexr Not affected Not affected Needs evaluation Vulnerable Needs evaluation
Show less packages

CVE-2021-20303

Low priority
Needs evaluation

A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap....

1 affected packages

openexr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openexr Not affected Not affected Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-20302

Negligible priority
Needs evaluation

A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat...

1 affected packages

openexr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openexr Not affected Not affected Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-20300

Low priority
Needs evaluation

A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat...

1 affected packages

openexr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openexr Not affected Not affected Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-45942

Low priority
Vulnerable

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may...

1 affected packages

openexr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openexr Vulnerable Vulnerable Vulnerable Vulnerable Needs evaluation
Show less packages

CVE-2021-3941

Low priority

Some fixes available 4 of 7

In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked...

1 affected packages

openexr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openexr Not affected Fixed Fixed Fixed Fixed
Show less packages