OpenEXR 3.0.5 Release Candidate 2

CPE Details

OpenEXR 3.0.5 Release Candidate 2
openexr
openexr
3.0.5
2021-07-07
15h25 +00:00
2021-07-07
15h38 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:openexr:openexr:3.0.5:rc2:*:*:*:*:*:*

Informations

Vendor

openexr

Product

openexr

Version

3.0.5

Update

rc2

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-5841 2024-02-01 18h28 +00:00 Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.
9.1
Critique
CVE-2021-3933 2022-03-24 23h00 +00:00 An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.
5.5
Moyen