
2370 matches found

ATTACKERKB
added 2026/03/03 10:42 p.m. | 3 views

CVE-2026-27622

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector totalsizes for attacker-controlled large counts across many parts,...

8.4 CVSS | 5.9 AI score | 0.00201 EPSS
Exploits: 2 | References: 2 | Affected Software: 1

EUVD
added 2026/03/03 10:42 p.m. | 2 views

EUVD-2026-9342

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector totalsizes for attacker-controlled large counts across many parts,...

8.4 CVSS | 5.9 AI score | 0.00201 EPSS
Exploits: 2 | References: 1

Cvelist
added 2026/03/03 10:42 p.m. | 20 views

CVE-2026-27622 OpenEXR CompositeDeepScanLine integer-overflow leads to heap OOB write

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector totalsizes for attacker-controlled large counts across many parts,...

8.4 CVSS | 0.00201 EPSS
Exploits: 2 | References: 1

AlpineLinux
added 2026/03/03 10:42 p.m. | 2 views

CVE-2026-27622

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector totalsizes for attacker-controlled large counts across many parts,...

8.4 CVSS | 5.9 AI score | 0.00201 EPSS
Exploits: 2 | References: 1

CVE
added 2026/03/03 10:42 p.m. | 34 views

CVE-2026-27622

OpenEXR vulnerability CVE-2026-27622 arises from an integer overflow in CompositeDeepScanLine::readPixels, where per-pixel totals are accumulated into total_sizes and wrapped modulo 2^32, causing derived overall_sample_count to mis-size samples and leading to a heap out-of-bounds write in core un...

8.4 CVSS | 5.9 AI score | 0.00201 EPSS
Exploits: 2 | References: 20 | Affected Software: 1

OSV
added 2026/03/03 10:42 p.m. | 1 view

CVE-2026-27622 OpenEXR CompositeDeepScanLine integer-overflow leads to heap OOB write

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector totalsizes for attacker-controlled large counts across many parts,...

8.4 CVSS | 5.8 AI score | 0.00201 EPSS
Exploits: 2 | References: 3

Debian CVE
added 2026/03/03 10:42 p.m. | 4 views

CVE-2026-27622

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector totalsizes for attacker-controlled large counts across many parts,...

8.4 CVSS | 5.3 AI score | 0.00201 EPSS
Exploits: 2

Vulnrichment
added 2026/03/03 10:42 p.m. | 2 views

CVE-2026-27622 OpenEXR CompositeDeepScanLine integer-overflow leads to heap OOB write

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector totalsizes for attacker-controlled large counts across many parts,...

8.4 CVSS | 5.9 AI score | 0.00201 EPSS
Exploits: 2 | References: 1

CNNVD
added 2026/03/03 12:00 a.m. | 5 views

OpenEXR buffer error vulnerability

OpenEXR is an open standard for high dynamic range image file formats, open-sourced by the Academy Software Foundation. Versions of OpenEXR prior to 3.2.6, 3.3.8, and 3.4.6 contain a buffer error vulnerability. This vulnerability arises from the rounding of the total per-pixel value in vector tot...

8.4 CVSS | 7.5 AI score | 0.00201 EPSS
Exploits: 2 | References: 1

vulnersOsv
added 2026/03/02 6:30 p.m. | 6 views

sfx (=0.1.0) potentially affected by CVE-2026-27622 via openexr (=3.2.4)

openexr PYPI version =3.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - sfx =0.1.0 Source cves: CVE-2026-27622 Source advisory: OSV:GHSA-CR4V-6JM6-4963...

8.4 CVSS | 7 AI score | 0.00201 EPSS
Exploits: 2

vulnersOsv
added 2026/03/02 6:30 p.m. | 3 views

angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +66 more potentially affected by CVE-2026-27622 via openexr (>=3.4.12 <=3.4.4)

openexr PYPI version =3.4.12, =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves: CVE-2026-27622 Source advisory: OSV:GHSA-CR4V-6JM6-4963...

8.4 CVSS | 7.2 AI score | 0.00201 EPSS
Exploits: 2

OSV
added 2026/03/02 6:30 p.m. | 4 views

GHSA-CR4V-6JM6-4963 OpenEXR's CompositeDeepScanLine integer-overflow leads to heap OOB write

Summary Function: CompositeDeepScanLine::readPixels, reachable from high-level multipart deep read flows MultiPartInputFile + DeepScanLineInputPart + CompositeDeepScanLine. Vulnerable lines src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp: - totalsizesptr += countsjptr; line 511 - overallsamplecount ...

8.4 CVSS | 6.2 AI score | 0.00201 EPSS
Exploits: 2 | References: 3

Snyk
added 2026/03/02 6:30 p.m. | 1 view

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the CompositeDeepScanLine::readPixels function. An attacker can cause memory corruption or potentially execute arbitrary code by providing a specially crafted multipart deep EXR file with large sample...

8.4 CVSS | 6.1 AI score | 0.00201 EPSS
Exploits: 2 | References: 2

Github Security Blog
added 2026/03/02 6:30 p.m. | 5 views

OpenEXR's CompositeDeepScanLine integer-overflow leads to heap OOB write

Summary Function: CompositeDeepScanLine::readPixels, reachable from high-level multipart deep read flows MultiPartInputFile + DeepScanLineInputPart + CompositeDeepScanLine. Vulnerable lines src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp: - totalsizesptr += countsjptr; line 511 - overallsamplecount ...

8.4 CVSS | 6.2 AI score | 0.00201 EPSS
Exploits: 2 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/03/02 12:00 a.m. | 3 views

PT-2026-22698

Name of the Vulnerable Software and Affected Versions OpenEXR versions prior to 3.2.6 OpenEXR versions prior to 3.3.8 OpenEXR versions prior to 3.4.6 Description OpenEXR, a file format used in the motion picture industry, has an issue in the CompositeDeepScanLine::readPixels function. The functio...

8.4 CVSS | 5.8 AI score | 0.00201 EPSS
Exploits: 2 | References: 53

Wolfi
added 2026/02/26 7:48 p.m. | 5 views

CVE-2026-26981 vulnerabilities

Vulnerabilities for packages: openexr...

6.5 CVSS | 5.3 AI score | 0.00523 EPSS
Exploits: 1

Chainguard
added 2026/02/26 7:17 p.m. | 5 views

CVE-2026-26981 vulnerabilities

Vulnerabilities for packages: openexr...

6.5 CVSS | 5.3 AI score | 0.00523 EPSS
Exploits: 1

SUSE CVE
added 2026/02/25 12:24 a.m. | 2 views

SUSE CVE-2026-26981

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow OOB read occurs in the istreamnonparallelread function in...

7.8 CVSS | 5.8 AI score | 0.00523 EPSS
Exploits: 1 | References: 3

Tenable Nessus
added 2026/02/25 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-26981

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3...

6.5 CVSS | 5.4 AI score | 0.00523 EPSS
Exploits: 1 | References: 2

RedhatCVE
added 2026/02/24 10:44 a.m. | 4 views

CVE-2026-26981

A flaw was found in OpenEXR. A remote attacker could exploit a heap-buffer-overflow vulnerability in the istreamnonparallelread function by tricking a user into opening a specially crafted EXR file. This occurs when a signed integer subtraction results in a negative value that is then converted t...

6.5 CVSS | 5.4 AI score | 0.00523 EPSS
Exploits: 1 | References: 6