59 matches found
OSV-2026-664 Heap-buffer-overflow in DwaCompressor_uncompress
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=508362159 Crash type: Heap-buffer-overflow WRITE Crash state: DwaCompressor_uncompress internal_exr_undo_dwaa exr_uncompress_chunk...
OSV-2026-605 Heap-buffer-overflow in DwaCompressor_uncompress
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=504280155 Crash type: Heap-buffer-overflow WRITE Crash state: DwaCompressor_uncompress internal_exr_undo_dwaa exr_uncompress_chunk...
EUVD-2021-10319
Malware in sbrugna...
EUVD-2020-4104
Malware in sbrugna...
EUVD-2021-13077
Malware in sbrugna...
EUVD-2020-4107
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-26260
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to cra...
CVE-2024-28563
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to cause a denial of service (DoS) via the Imf22::DwaCompressor::Classifier::Classifier function when reading images in EXR format...
PT-2023-35854 · Git +1 · Openexr
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read error. Technical details include the LossyDctDecoder execute, DwaCompressor uncompress, and internal...
PT-2023-35847 · Git +1 · Openexr
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read error. Technical details about the crash include the involvement of specific functions: libdeflate zl...
OSV-2023-407 Stack-buffer-overflow in DwaCompressor_readChannelRules
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59070 Crash type: Stack-buffer-overflow READ Crash state: DwaCompressor_readChannelRules DwaCompressor_uncompress internal_exr_undo_dwaa...
PT-2023-35833 · Git +1 · Openexr
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a stack-buffer-overflow read crash. Technical details include the DwaCompressor readChannelRules and DwaCompressor uncompress...
SUSE CVE-2020-11765
An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read...
SUSE CVE-2021-23215
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR...
Debian DSA-5299-1 : openexr - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5299 advisory. Multiple security vulnerabilities have been found in OpenEXR, command-line tools and a library for the OpenEXR image format. Buffer overflows or out-of-bound read...
Denial Of Service (DoS)
openexr:stretch is vulnerable to denial of service. An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR. An attacker could use this flaw to crash an application compiled with OpenEXR...
OESA-2021-1238 OpenEXR security update
OpenEXR is a high dynamic-range (HDR) image file format originally developed by Industrial Light & Magic for use in computer imaging applications. Security Fixes: An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker...
Ubuntu 18.04 LTS : OpenEXR vulnerabilities (USN-4996-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4996-1 advisory. It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a...
AZL-44169 CVE-2021-26260 affecting package OpenEXR 2.3.0-6
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215...
CVE-2021-23215
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR...