12 matches found
JLSEC-2026-142
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overfl...
DEBIAN-CVE-2026-34378
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overfl...
CVE-2026-34378
OpenEXR vulnerability overview: The EXR file format library OpenEXR is affected in versions 3.4.0 through before 3.4.9 due to a missing bounds check on the dataWindow attribute in headers, which can trigger a signed integer overflow in generic_unpack() when dataWindow.min.x is set to a large nega...
CVE-2026-34378
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overfl...
CVE-2026-34378 OpenEXR has a signed integer overflow in generic_unpack() when parsing EXR files with crafted negative dataWindow.min.x
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overfl...
OpenEXR 安全漏洞
OpenEXR is an open standard for high dynamic range image file formats, open-sourced by the Academy Software Foundation. Versions of OpenEXR from 3.4.0 to 3.4.9 contained security vulnerabilities. These vulnerabilities stemmed from the lack of boundary checks on the dataWindow property, which coul...
Linux Distros Unpatched Vulnerability : CVE-2026-34378
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to...
EUVD-2025-23375
Malicious code in bioql PyPI...
CVE-2025-48074
A memory exhaustion flaw has been discovered in OpenEXR. In affected versions, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance degradation when processing malicious files. Mitigation Mitigation for this issue i...
Allocation of Resources Without Limits or Throttling
Overview OpenEXR is a Python bindings for the OpenEXR image file format Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via unbounded values in the dataWindow header field. An attacker can exhaust system memory or cause the application to...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via unbounded values in the dataWindow header field. An attacker can exhaust system memory or cause the application to crash by supplying specially crafted files with excessively larg...
OpenEXR Out-Of-Memory via Unbounded File Header Values
Summary The OpenEXR file format defines many information about the final image inside of the file header, such as the size of data/display window. The application trusts the value of dataWindow size provided in the header of the input file, and performs computations based on this value. This may...