Information on source package openexr

Available versions

ReleaseVersion
stretch2.2.0-11
stretch (security)2.2.0-11+deb9u4
buster2.2.1-4.1+deb10u1
bullseye2.5.4-2
bookworm2.5.7-1
sid2.5.7-1

Open issues

BugstretchbusterbullseyebookwormsidDescription
CVE-2021-45942vulnerablevulnerablevulnerablevulnerablevulnerableOpenEXR 3.1.0 through 3.1.3 has a heap-based buffer overflow in Imf_3_ ...
CVE-2021-26260fixedvulnerable (no DSA)vulnerable (no DSA)fixedfixedAn integer overflow leading to a heap-buffer overflow was found in the ...
CVE-2021-23215fixedvulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedAn integer overflow leading to a heap-buffer overflow was found in the ...
CVE-2021-20303fixedvulnerablefixedfixedfixedHeap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer
CVE-2021-20302fixedvulnerable (no DSA, ignored)fixedfixedfixedFloating-point-exception in Imf_2_5::precalculateTileInfot
CVE-2021-20300fixedvulnerablefixedfixedfixedInteger-overflow in Imf_2_5::hufUncompress
CVE-2021-20299fixedvulnerablefixedfixedfixedNull-dereference READ in Imf_2_5::Header::operator
CVE-2021-20298vulnerable (no DSA, postponed)vulnerable (no DSA, ignored)fixedfixedfixedOut-of-memory in B44Compressor
CVE-2021-20296fixedvulnerable (no DSA)fixedfixedfixedA flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted i ...
CVE-2021-3941vulnerable (no DSA)vulnerablevulnerablevulnerablevulnerable
CVE-2021-3933fixedvulnerablevulnerablevulnerablevulnerable
CVE-2021-3605fixedvulnerable (no DSA)vulnerablefixedfixedThere's a flaw in OpenEXR's rleUncompress functionality in versions pr ...
CVE-2021-3598fixedvulnerable (no DSA)vulnerable (no DSA)fixedfixedThere's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in ...
CVE-2021-3479fixedvulnerable (no DSA)fixedfixedfixedThere's a flaw in OpenEXR's Scanline API functionality in versions bef ...
CVE-2021-3478fixedvulnerable (no DSA)fixedfixedfixedThere's a flaw in OpenEXR's scanline input file functionality in versi ...
CVE-2021-3477fixedvulnerable (no DSA)fixedfixedfixedThere's a flaw in OpenEXR's deep tile sample size calculations in vers ...
CVE-2021-3476fixedvulnerable (no DSA)fixedfixedfixedA flaw was found in OpenEXR's B44 uncompression functionality in versi ...
CVE-2021-3475fixedvulnerable (no DSA)fixedfixedfixedThere is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker ...
CVE-2021-3474fixedvulnerable (no DSA)fixedfixedfixedThere's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted inp ...
CVE-2020-16589fixedvulnerable (no DSA)fixedfixedfixedA head-based buffer overflow exists in Academy Software Foundation Ope ...
CVE-2020-16588fixedvulnerable (no DSA)fixedfixedfixedA Null Pointer Deference issue exists in Academy Software Foundation O ...
CVE-2020-16587fixedvulnerable (no DSA)fixedfixedfixedA heap-based buffer overflow vulnerability exists in Academy Software ...

Open unimportant issues

BugstretchbusterbullseyebookwormsidDescription
CVE-2021-26945vulnerablevulnerablevulnerablevulnerablevulnerableAn integer overflow leading to a heap-buffer overflow was found in Ope ...
CVE-2021-20304vulnerablevulnerablefixedfixedfixedUndefined-shift in Imf_2_5::hufDecode
CVE-2018-18443vulnerablevulnerablefixedfixedfixedOpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/Ilm ...
CVE-2017-14988vulnerablevulnerablevulnerablevulnerablevulnerable** DISPUTED ** Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2 ...

Resolved issues

BugDescription
CVE-2021-23169A heap-buffer overflow was found in the copyIntoFrameBuffer function o ...
CVE-2020-15306An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount a ...
CVE-2020-15305An issue was discovered in OpenEXR before 2.5.2. Invalid input could c ...
CVE-2020-15304An issue was discovered in OpenEXR before 2.5.2. An invalid tiled inpu ...
CVE-2020-11765An issue was discovered in OpenEXR before 2.4.1. There is an off-by-on ...
CVE-2020-11764An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...
CVE-2020-11763An issue was discovered in OpenEXR before 2.4.1. There is an std::vect ...
CVE-2020-11762An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...
CVE-2020-11761An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...
CVE-2020-11760An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...
CVE-2020-11759An issue was discovered in OpenEXR before 2.4.1. Because of integer ov ...
CVE-2020-11758An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...
CVE-2018-18444makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bound ...
CVE-2017-12596In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read ...
CVE-2017-9116In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function ...
CVE-2017-9115In OpenEXR 2.2.0, an invalid write of size 2 in the = operator functio ...
CVE-2017-9114In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ...
CVE-2017-9113In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels ...
CVE-2017-9112In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ...
CVE-2017-9111In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function ...
CVE-2017-9110In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function ...
CVE-2009-1722Heap-based buffer overflow in the compression implementation in OpenEX ...
CVE-2009-1721The decompression implementation in the Imf::hufUncompress function in ...
CVE-2009-1720Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-de ...

Security announcements

DSA / DLADescription
DLA-2732-1openexr - security update
DLA-2701-1openexr - security update
DLA-2491-1openexr - security update
DLA-2358-1openexr - security update
DSA-4755-1openexr - security update
DLA-1083-1openexr - security update
DSA-1842-1openexr - several vulnerabilities
Search for package or bug name: Reporting problems