Lucene search
K

30 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2021-3941

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In ImfChromaticities.cpp routine RGBtoXYZ, there are some division operations such as float Z = 1 - chroma.white.x - chroma.white.y Y / chroma.white.y; and...

6.5CVSS6.7AI score0.00291EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/03/21 12:0 a.m.27 views

Amazon Linux 2023 : openexr, openexr-devel, openexr-libs (ALAS2023-2023-022)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-022 advisory. 2024-02-15: CVE-2021-20304 was added to this advisory. A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR...

7.5CVSS6.4AI score0.01508EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 3:48 a.m.4 views

SUSE CVE-2021-3941

In ImfChromaticities.cpp routine RGBtoXYZ, there are some division operations such as float Z = 1 - chroma.white.x - chroma.white.y Y / chroma.white.y; and chroma.green.y X + Z / d; but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition whi...

5.5CVSS6.8AI score0.00291EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2023/01/27 12:0 a.m.33 views

Ubuntu: Security Advisory (USN-5620-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.2AI score0.01747EPSS
Exploits1References2
Debian
Debian
added 2022/12/11 11:52 p.m.66 views

[SECURITY] [DLA 3236-1] openexr security update

Debian LTS Advisory DLA-3236-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany December 12, 2022 https://wiki.debian.org/LTS Package : openexr Version : 2.2.1-4.1+deb10u2 CVE ID : CVE-2020-16587 CVE-2020-16588 CVE-2020-16589 CVE-2021-3474 CVE-2021-3475 CVE-2021-34...

7.5CVSS6.3AI score0.01848EPSS
Exploits5
Debian
Debian
added 2022/12/10 4:27 p.m.83 views

[SECURITY] [DSA 5299-1] openexr security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5299-1 [email protected] https://www.debian.org/security/ Markus Koschany December 10, 2022 https://www.debian.org/security/faq -...

6.5CVSS7AI score0.01772EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2022/10/31 12:0 a.m.36 views

GLSA-202210-31 : OpenEXR: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202210-31 OpenEXR: Multiple Vulnerabilities - A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. T...

8.8CVSS7.3AI score0.02291EPSS
Exploits3References14
Ubuntu
Ubuntu
added 2022/09/20 12:52 p.m.281 views

USN-5620-1: OpenEXR vulnerabilities

It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. These issues only affected Ubuntu 20.04 ESM. CVE-2021-3598,...

6.5CVSS6.8AI score0.01747EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2022/09/07 12:0 a.m.40 views

Amazon Linux 2022 : openexr, openexr-devel, openexr-libs (ALAS2022-2022-061)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-061 advisory. An integer overflow could occur when OpenEXR processes a crafted file on systems where sizet is less than 64 bits. This issue could cause an invalid bytesPerLine and maxBytesPerLine value, whic...

6.5CVSS6.5AI score0.00849EPSS
Exploits0References5
OSV
OSV
added 2022/03/25 7:15 p.m.32 views

CVE-2021-3941

In ImfChromaticities.cpp routine RGBtoXYZ, there are some division operations such as float Z = 1 - chroma.white.x - chroma.white.y Y / chroma.white.y; and chroma.green.y X + Z / d; but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition whi...

6.5CVSS6.6AI score
Exploits0References5
CVE
CVE
added 2022/03/25 12:0 a.m.244 views

CVE-2021-3941

OpenEXR vulnerability CVE-2021-3941 involves a divide-by-zero in ImfChromaticities.cpp RGBtoXYZ() when computing Z and related values, risking availability of programs linked with OpenEXR. Connected advisories (Astra Linux, Debian/Ubuntu disclosures, and global advisories) confirm OpenEXR as affe...

6.5CVSS6.5AI score0.00291EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/03/01 12:0 a.m.33 views

EulerOS 2.0 SP5 : OpenEXR (EulerOS-SA-2022-1279)

According to the versions of the OpenEXR package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In ImfChromaticities.cpp routine RGBtoXYZ, there are some division operations such as float Z = 1 - chroma.white.x - chroma.white.y Y /...

6.5CVSS6.9AI score0.00291EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/02/24 12:0 a.m.18 views

Huawei EulerOS: Security Advisory for OpenEXR (EulerOS-SA-2022-1179)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.9AI score0.00291EPSS
Exploits0References2
Cloud Foundry
Cloud Foundry
added 2022/01/20 12:0 a.m.31 views

USN-5150-1: OpenEXR vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description OpenEXR could be made to crash if it opened a specially crafted file. CVEs contained in this USN include: CVE-2021-3941. Affected Cloud Foundry Products and Versions Severity is medium unless otherwise...

6.5CVSS6.5AI score0.00291EPSS
Exploits0Affected Software2
OpenVAS
OpenVAS
added 2021/12/07 12:0 a.m.23 views

openSUSE: Security Advisory for openexr (openSUSE-SU-2021:1537-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5CVSS6.4AI score0.00849EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/12/07 12:0 a.m.40 views

openSUSE 15 Security Update : openexr (openSUSE-SU-2021:1537-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1537-1 advisory. - In ImfChromaticities.cpp routine RGBtoXYZ, there are some division operations such as float Z = 1 - chroma.white.x - chroma.white.y Y /...

6.5CVSS6.6AI score0.00849EPSS
Exploits0References7
OSV
OSV
added 2021/12/06 1:6 p.m.5 views

OPENSUSE-SU-2021:1537-1 Security update for openexr

This update for openexr fixes the following issues: - CVE-2021-3941: Fixed divide-by-zero in Imf31:RGBtoXYZ bsc1192556. - CVE-2021-3933: Fixed integer-overflow in Imf31:bytesPerDeepLineTable bsc1192498. This update was imported from the SUSE:SLE-15:Update update project...

6.5CVSS5.9AI score0.00849EPSS
Exploits0References5
OPENSUSE Linux
OPENSUSE Linux
added 2021/12/06 12:0 a.m.34 views

Security update for openexr (moderate)

openSUSE Security Update: Security update for openexr Announcement ID: openSUSE-SU-2021:1537-1 Rating: moderate References: 1192498 1192556 Cross-References: CVE-2021-3933 CVE-2021-3941 CVSS scores: CVE-2021-3933 SUSE: 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3941 SUSE: 5.5...

5.5CVSS6.9AI score0.00849EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/12/02 12:0 a.m.31 views

openSUSE: Security Advisory for openexr (openSUSE-SU-2021:3844-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5CVSS6.4AI score0.00849EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/12/02 12:0 a.m.26 views

SUSE: Security Advisory (SUSE-SU-2021:3844-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.2AI score0.00849EPSS
Exploits0References2
Rows per page
Query Builder