OpenEXR 3.0.1

CPE Details

OpenEXR 3.0.1
3.0.1
2021-04-20
10h11 +00:00
2021-04-23
15h34 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:openexr:openexr:3.0.1:-:*:*:*:*:*:*

Informations

Vendor

openexr

Product

openexr

Version

3.0.1

Update

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-5841 2024-02-01 18h28 +00:00 Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.
9.1
Critical
CVE-2021-3933 2022-03-24 23h00 +00:00 An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.
5.5
Medium
CVE-2021-3605 2021-08-24 22h00 +00:00 There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
5.5
Medium
CVE-2021-3598 2021-07-05 22h00 +00:00 There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
5.5
Medium