OpenEXR 3.1.2 Release Candidate

CPE Details

OpenEXR 3.1.2 Release Candidate
openexr
openexr
3.1.2
2022-01-10
16h34 +00:00
2022-01-10
18h35 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:openexr:openexr:3.1.2:rc:*:*:*:*:*:*

Informations

Vendor

openexr

Product

openexr

Version

3.1.2

Update

rc

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-5841 2024-02-01 18h28 +00:00 Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.
9.1
Critical
CVE-2021-3941 2022-03-24 23h00 +00:00 In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.
6.5
Medium
CVE-2021-45942 2021-12-30 23h00 +00:00 OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.
5.5
Medium