openexr (SUSE:Linux Enterprise Server for SAP Applications 12 SP4) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server for SAP Applications 12 SP4 package openexr, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (20)
CVE-2017-9113 — CVSS 8.8 (high): In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or…
CVE-2018-18444 — CVSS 8.8 (high): makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified…
CVE-2017-9111 — CVSS 8.8 (high): In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or…
CVE-2017-9115 — CVSS 8.8 (high): In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary…
CVE-2021-20298 — CVSS 7.5 (high): A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to…
CVE-2021-20299 — CVSS 7.5 (high): A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL…
CVE-2021-20304 — CVSS 7.5 (high): A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR…
CVE-2017-9112 — CVSS 6.5 (medium): In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.
CVE-2021-20303 — CVSS 6.1 (medium): A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed…
CVE-2021-3605 — CVSS 5.5 (medium): There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an…
CVE-2020-11758 — CVSS 5.5 (medium): An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.
CVE-2020-11760 — CVSS 5.5 (medium): An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.
CVE-2020-11763 — CVSS 5.5 (medium): An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by…
CVE-2020-11764 — CVSS 5.5 (medium): An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
CVE-2021-20300 — CVSS 5.5 (medium): A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a…
CVE-2021-20302 — CVSS 5.5 (medium): A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to…
CVE-2017-14988 — CVSS 5.5 (medium): Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory…
CVE-2021-3479 — CVSS 5.5 (medium): There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to…
CVE-2021-3598 — CVSS 5.5 (medium): There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted…
CVE-2021-3476 — CVSS 5.3 (medium): A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted…