7 matches found
Python Library OpenEXR 3.4.x < 3.4.7 Heap Buffer Overflow (OOB Read)
The version of the OpenEXR Python package installed on the remote host is 3.4.x prior to 3.4.7. It is, therefore, affected by a heap buffer overflow vulnerability: - A heap-buffer-overflow out-of-bounds read occurs in the the HTJ2K decoder in OpenEXR when copying decompressed samples from OpenJPH...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the parsing process of EXR files due to improper validation of user-supplied data length. An attacker can achieve arbitrary code execution by tricking a user into opening a specially crafted malicious EXR...
AZL-45264 CVE-2024-28564 affecting package OpenEXR 2.3.0-6
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to cause a denial of service DoS via the Imf22::CharPtrIO::readChars function when reading images in EXR format...
CVE-2020-15304
An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference...
AZL-45105 CVE-2020-11761 affecting package OpenEXR 2.3.0-6
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp...
LIM OpenEXR Buffer Overflow Vulnerability
LIM OpenEXR is an image file format developed by Industrial Light and Magic LIM in the United States for high dynamic range HDR images. A security vulnerability exists in the makeMultiView.cpp file for exrmultiview in LIM OpenEXR version 2.3.0. An attacker can exploit this vulnerability to cause ...
DEBIAN-CVE-2017-14988
Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service excessive memory allocation via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe tha...