CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

26 matches found

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в openexr

A flaw was discovered in the function dataWindowForTile of the IlmImf/ImfTiledMisc.cpp file. An attacker who can submit a crafted file for processing with OpenEXR could trigger an integer overflow, resulting in an out-of-bounds write operation on the heap. The most significant impact of this flaw...

6.1CVSS6.9AI score0.00132EPSS

Exploits0References2

Amazon•added 2026/04/30 12:0 a.m.•2 views

Important: openexr

Issue Overview: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signe...

8.6CVSS5.4AI score0.00071EPSS

Exploits3

Tenable Nessus•added 2026/04/30 12:0 a.m.•4 views

Amazon Linux 2023 : openexr, openexr-devel, openexr-libs (ALAS2023-2026-1612)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1612 advisory. OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds...

8.6CVSS5.9AI score0.00071EPSS

Exploits3References8

SUSE CVE•added 2026/04/07 11:25 p.m.•2 views

SUSE CVE-2026-34378

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overfl...

5.5CVSS5.9AI score0.00054EPSS

Exploits1References3

NVD•added 2026/04/06 4:16 p.m.•2 views

CVE-2026-34378

6.5CVSS0.00054EPSS

Exploits1References2

OSV•added 2026/04/06 4:16 p.m.•2 views

UBUNTU-CVE-2026-34378

6.5CVSS5.9AI score0.00054EPSS

Exploits1References7

UbuntuCve•added 2026/04/06 4:16 p.m.•1 views

CVE-2026-34378

6.5CVSS5.9AI score0.00054EPSS

Exploits1References6

Snyk•added 2026/04/06 4:9 p.m.•1 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the genericunpack function when parsing EXR files containing a crafted negative value for dataWindow.min.x. An attacker can cause the process to terminate unexpectedly by supplying a specially crafted E...

7.1CVSS5.8AI score0.00054EPSS

Exploits1References2

Snyk•added 2026/04/06 4:9 p.m.•1 views

Integer Overflow or Wraparound

Overview OpenEXR is a Python bindings for the OpenEXR image file format Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the genericunpack function when parsing EXR files containing a crafted negative value for dataWindow.min.x. An attacker can cause the proce...

7.1CVSS5.8AI score0.00054EPSS

Exploits1References2

Cvelist•added 2026/04/06 3:19 p.m.•25 views

CVE-2026-34378 OpenEXR has a signed integer overflow in generic_unpack() when parsing EXR files with crafted negative dataWindow.min.x

6.5CVSS0.00054EPSS

Exploits1References2

EUVD•added 2026/04/06 3:19 p.m.•2 views

EUVD-2026-19303

6.5CVSS6AI score0.00054EPSS

Exploits1References1

AlpineLinux•added 2026/04/06 3:19 p.m.•2 views

CVE-2026-34378

6.5CVSS6AI score0.00054EPSS

Exploits1

Vulnrichment•added 2026/04/06 3:19 p.m.•1 views

CVE-2026-34378 OpenEXR has a signed integer overflow in generic_unpack() when parsing EXR files with crafted negative dataWindow.min.x

6.5CVSS6AI score0.00054EPSS

Exploits1References2

Positive Technologies•added 2026/04/06 12:0 a.m.•2 views

PT-2026-30657

8.7CVSS6AI score0.0009EPSS

Exploits8References12

FreeBSD•added 2026/03/26 12:0 a.m.•6 views

openexr -- multiple vulnerabilities

Cary Phillips reports: OpenEXR 3.4.9 addresses the following CVEs: CVE-2026-34589 DWA Lossy Decoder Heap Out-of-Bounds Write CVE-2026-34588 Signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write CVE-2026-34380 Signed integer overflow undefined behavior in undopxr24impl may allow bounds-che...

8.6CVSS5.9AI score0.0009EPSS

Exploits5References2

Tenable Nessus•added 2025/08/20 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2025-48074

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3....

5.5CVSS5.9AI score0.00133EPSS

Exploits1References3

Veracode•added 2025/08/18 8:34 a.m.•1 views

Denial Of Service (DoS)

OpenEXR is vulnerable to denial of service DoS. The vulnerability is due to improper input validation due to trusting unvalidated dataWindow size values from file headers, leading to excessive memory allocation and performance degradation...

5.5CVSS5.9AI score0.00133EPSS

Exploits1References4Affected Software1

SUSE CVE•added 2025/08/01 11:22 p.m.•1 views

SUSE CVE-2025-48074

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance...

5.5CVSS6.9AI score0.00133EPSS

Exploits1References3

OSV•added 2025/08/01 5:15 p.m.•1 views

DEBIAN-CVE-2025-48074

5.5CVSS5.3AI score0.00133EPSS

Exploits1References1

OSV•added 2025/08/01 5:15 p.m.•0 views

UBUNTU-CVE-2025-48074

5.5CVSS5.8AI score0.00133EPSS

Exploits1References5

Rows per page