OpenEXR 3.1.0 Release Candidate 1

CPE Details

OpenEXR 3.1.0 Release Candidate 1
openexr
openexr
3.1.0
2022-01-10
16h33 +00:00
2022-01-10
18h35 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:openexr:openexr:3.1.0:rc1:*:*:*:*:*:*

Informations

Vendor

openexr

Product

openexr

Version

3.1.0

Update

rc1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-5841 2024-02-01 18h28 +00:00 Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.
9.1
Critique
CVE-2021-3933 2022-03-24 23h00 +00:00 An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.
5.5
Moyen
CVE-2021-45942 2021-12-30 23h00 +00:00 OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.
5.5
Moyen