openexr (SUSE:Linux Enterprise Module for Desktop Applications 15 SP2) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Desktop Applications 15 SP2 package openexr, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (24)
CVE-2021-20298 — CVSS 7.5 (high): A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to…
CVE-2021-20304 — CVSS 7.5 (high): A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR…
CVE-2021-20299 — CVSS 7.5 (high): A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL…
CVE-2021-3941 — CVSS 6.5 (medium): In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) *…
CVE-2021-20303 — CVSS 6.1 (medium): A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed…
CVE-2020-16589 — CVSS 5.5 (medium): A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause…
CVE-2020-16587 — CVSS 5.5 (medium): A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in…
CVE-2020-15306 — CVSS 5.5 (medium): An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in…
CVE-2021-20300 — CVSS 5.5 (medium): A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a…
CVE-2021-20302 — CVSS 5.5 (medium): A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to…
CVE-2020-15304 — CVSS 5.5 (medium): An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInput…
CVE-2021-3598 — CVSS 5.5 (medium): There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted…
CVE-2021-3605 — CVSS 5.5 (medium): There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an…
CVE-2021-3933 — CVSS 5.5 (medium): An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid…
CVE-2020-16588 — CVSS 5.5 (medium): A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a…
CVE-2020-15305 — CVSS 5.5 (medium): An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile(…
CVE-2021-23215 — CVSS 5.5 (medium): An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could…
CVE-2021-26260 — CVSS 5.5 (medium): An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could…
CVE-2021-3477 — CVSS 5.5 (medium): There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted…
CVE-2021-3479 — CVSS 5.5 (medium): There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to…
CVE-2021-20296 — CVSS 5.3 (medium): A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa…
CVE-2021-3474 — CVSS 5.3 (medium): There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in…
CVE-2021-3475 — CVSS 5.3 (medium): There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause…
CVE-2021-3476 — CVSS 5.3 (medium): A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted…