Information on source package openexr

Available versions

ReleaseVersion
jessie1.6.1-8
stretch2.2.0-11
buster2.2.1-4.1
bullseye2.2.1-4.1
sid2.2.1-4.1

Open issues

BugjessiestretchbusterbullseyesidDescription
CVE-2017-9116vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedIn OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function ...
CVE-2017-9115vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableIn OpenEXR 2.2.0, an invalid write of size 2 in the = operator functio ...
CVE-2017-9114vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableIn OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ...
CVE-2017-9113vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableIn OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels ...
CVE-2017-9112vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedIn OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ...
CVE-2017-9111vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableIn OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function ...
CVE-2017-9110vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedIn OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function ...
CVE-2017-12596vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedIn OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read ...

Open unimportant issues

BugjessiestretchbusterbullseyesidDescription
CVE-2018-18444vulnerablevulnerablevulnerablevulnerablevulnerablemakeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bound ...
CVE-2018-18443vulnerablevulnerablevulnerablevulnerablevulnerableOpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/Ilm ...
CVE-2017-14988vulnerablevulnerablevulnerablevulnerablevulnerableHeader::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remot ...

Resolved issues

BugDescription
CVE-2009-1722Heap-based buffer overflow in the compression implementation in OpenEX ...
CVE-2009-1721The decompression implementation in the Imf::hufUncompress function in ...
CVE-2009-1720Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-de ...

Security announcements

DSA / DLADescription
DLA-1083-1openexr - security update
DSA-1842-1openexr - several vulnerabilities
DSA-1842-1openexr - several vulnerabilities
Search for package or bug name: Reporting problems