Information on source package openexr

Available versions

ReleaseVersion
buster2.2.1-4.1+deb10u1
buster (security)2.2.1-4.1+deb10u2
bullseye2.5.4-2+deb11u1
bookworm3.1.5-5
trixie3.1.5-5.1
sid3.1.5-5.1

Open issues

BugbusterbullseyebookwormtrixiesidDescription
CVE-2023-5841fixedfixedvulnerable (no DSA)vulnerablevulnerableDue to a failure in validating the number of scanline samples of a Ope ...

Open unimportant issues

BugbusterbullseyebookwormtrixiesidDescription
CVE-2021-26945vulnerablevulnerablevulnerablevulnerablevulnerableAn integer overflow leading to a heap-buffer overflow was found in Ope ...
CVE-2021-20304vulnerablefixedfixedfixedfixedA flaw was found in OpenEXR's hufDecode functionality. This flaw allow ...
CVE-2018-18443vulnerablefixedfixedfixedfixedOpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/Ilm ...
CVE-2017-14988vulnerablevulnerablevulnerablevulnerablevulnerableHeader::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remot ...

Resolved issues

BugDescription
CVE-2021-45942OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1 ...
CVE-2021-26260An integer overflow leading to a heap-buffer overflow was found in the ...
CVE-2021-23215An integer overflow leading to a heap-buffer overflow was found in the ...
CVE-2021-23169A heap-buffer overflow was found in the copyIntoFrameBuffer function o ...
CVE-2021-20303A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cp ...
CVE-2021-20302A flaw was found in OpenEXR's TiledInputFile functionality. This flaw ...
CVE-2021-20300A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/I ...
CVE-2021-20299A flaw was found in OpenEXR's Multipart input file functionality. A cr ...
CVE-2021-20298A flaw was found in OpenEXR's B44Compressor. This flaw allows an attac ...
CVE-2021-20296A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted i ...
CVE-2021-3941In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division o ...
CVE-2021-3933An integer overflow could occur when OpenEXR processes a crafted file ...
CVE-2021-3605There's a flaw in OpenEXR's rleUncompress functionality in versions pr ...
CVE-2021-3598There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in ...
CVE-2021-3479There's a flaw in OpenEXR's Scanline API functionality in versions bef ...
CVE-2021-3478There's a flaw in OpenEXR's scanline input file functionality in versi ...
CVE-2021-3477There's a flaw in OpenEXR's deep tile sample size calculations in vers ...
CVE-2021-3476A flaw was found in OpenEXR's B44 uncompression functionality in versi ...
CVE-2021-3475There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker ...
CVE-2021-3474There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted inp ...
CVE-2020-16589A head-based buffer overflow exists in Academy Software Foundation Ope ...
CVE-2020-16588A Null Pointer Deference issue exists in Academy Software Foundation O ...
CVE-2020-16587A heap-based buffer overflow vulnerability exists in Academy Software ...
CVE-2020-15306An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount a ...
CVE-2020-15305An issue was discovered in OpenEXR before 2.5.2. Invalid input could c ...
CVE-2020-15304An issue was discovered in OpenEXR before 2.5.2. An invalid tiled inpu ...
CVE-2020-11765An issue was discovered in OpenEXR before 2.4.1. There is an off-by-on ...
CVE-2020-11764An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...
CVE-2020-11763An issue was discovered in OpenEXR before 2.4.1. There is an std::vect ...
CVE-2020-11762An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...
CVE-2020-11761An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...
CVE-2020-11760An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...
CVE-2020-11759An issue was discovered in OpenEXR before 2.4.1. Because of integer ov ...
CVE-2020-11758An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...
CVE-2018-18444makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bound ...
CVE-2017-12596In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read ...
CVE-2017-9116In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function ...
CVE-2017-9115In OpenEXR 2.2.0, an invalid write of size 2 in the = operator functio ...
CVE-2017-9114In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ...
CVE-2017-9113In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels ...
CVE-2017-9112In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ...
CVE-2017-9111In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function ...
CVE-2017-9110In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function ...
CVE-2009-1722Heap-based buffer overflow in the compression implementation in OpenEX ...
CVE-2009-1721The decompression implementation in the Imf::hufUncompress function in ...
CVE-2009-1720Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-de ...

Security announcements

DSA / DLADescription
DLA-3236-1openexr - security update
DSA-5299-1openexr - security update
DLA-2732-1openexr - security update
DLA-2701-1openexr - security update
DLA-2491-1openexr - security update
DLA-2358-1openexr - security update
DSA-4755-1openexr - security update
DLA-1083-1openexr - security update
DSA-1842-1openexr - several vulnerabilities

Search for package or bug name: Reporting problems