Lucene search
+L

12 matches found

OSV
OSV
added 2026/04/17 3:19 p.m.8 views

JLSEC-2026-142

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overfl...

6.5CVSS5.8AI score0.00262EPSS
Exploits1References2
OSV
OSV
added 2026/04/06 4:16 p.m.3 views

DEBIAN-CVE-2026-34378

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overfl...

6.5CVSS5.4AI score0.00262EPSS
Exploits1References1
CVE
CVE
added 2026/04/06 3:19 p.m.14 views

CVE-2026-34378

OpenEXR vulnerability overview: The EXR file format library OpenEXR is affected in versions 3.4.0 through before 3.4.9 due to a missing bounds check on the dataWindow attribute in headers, which can trigger a signed integer overflow in generic_unpack() when dataWindow.min.x is set to a large nega...

6.5CVSS6AI score0.00262EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2026/04/06 3:19 p.m.5 views

CVE-2026-34378

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overfl...

6.5CVSS5.4AI score0.00262EPSS
Exploits1
OSV
OSV
added 2026/04/06 3:19 p.m.1 views

CVE-2026-34378 OpenEXR has a signed integer overflow in generic_unpack() when parsing EXR files with crafted negative dataWindow.min.x

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overfl...

6.5CVSS6AI score0.00262EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.8 views

OpenEXR 安全漏洞

OpenEXR is an open standard for high dynamic range image file formats, open-sourced by the Academy Software Foundation. Versions of OpenEXR from 3.4.0 to 3.4.9 contained security vulnerabilities. These vulnerabilities stemmed from the lack of boundary checks on the dataWindow property, which coul...

6.5CVSS5.8AI score0.00262EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/06 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-34378

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to...

6.5CVSS5.9AI score0.00262EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-23375

Malicious code in bioql PyPI...

5.5CVSS6.3AI score0.00259EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/08/05 5:8 a.m.8 views

CVE-2025-48074

A memory exhaustion flaw has been discovered in OpenEXR. In affected versions, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance degradation when processing malicious files. Mitigation Mitigation for this issue i...

5.5CVSS6.1AI score0.00259EPSS
Exploits1References5
Snyk
Snyk
added 2025/07/31 7:23 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview OpenEXR is a Python bindings for the OpenEXR image file format Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via unbounded values in the dataWindow header field. An attacker can exhaust system memory or cause the application to...

5.5CVSS6.9AI score0.00259EPSS
Exploits1References2
Snyk
Snyk
added 2025/07/31 7:23 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via unbounded values in the dataWindow header field. An attacker can exhaust system memory or cause the application to crash by supplying specially crafted files with excessively larg...

5.5CVSS7AI score0.00259EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/07/31 7:23 p.m.9 views

OpenEXR Out-Of-Memory via Unbounded File Header Values

Summary The OpenEXR file format defines many information about the final image inside of the file header, such as the size of data/display window. The application trusts the value of dataWindow size provided in the header of the input file, and performs computations based on this value. This may...

5.5CVSS6.5AI score0.00259EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder