60 matches found
OSV-2026-664 Heap-buffer-overflow in DwaCompressor_uncompress
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=508362159 Crash type: Heap-buffer-overflow WRITE Crash state: DwaCompressor_uncompress internal_exr_undo_dwaa exr_uncompress_chunk...
OSV-2026-605 Heap-buffer-overflow in DwaCompressor_uncompress
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=504280155 Crash type: Heap-buffer-overflow WRITE Crash state: DwaCompressor_uncompress internal_exr_undo_dwaa exr_uncompress_chunk...
EUVD-2020-4104
Malware in sbrugna...
EUVD-2021-13077
Malware in sbrugna...
EUVD-2020-4107
Malware in sbrugna...
EUVD-2021-10319
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-26260
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to cra...
CVE-2024-28563
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to cause a denial of service (DoS) via the Imf22::DwaCompressor::Classifier::Classifier function when reading images in EXR format...
PT-2023-35854 · Git +1 · Openexr
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read error. Technical details include the LossyDctDecoder execute, DwaCompressor uncompress, and internal...
PT-2023-35847 · Git +1 · Openexr
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read error. Technical details about the crash include the involvement of specific functions: libdeflate zl...
OSV-2023-407 Stack-buffer-overflow in DwaCompressor_readChannelRules
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59070 Crash type: Stack-buffer-overflow READ Crash state: DwaCompressor_readChannelRules DwaCompressor_uncompress internal_exr_undo_dwaa...
PT-2023-35833 · Git +1 · Openexr
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a stack-buffer-overflow read crash. Technical details include the DwaCompressor readChannelRules and DwaCompressor uncompress...
SUSE CVE-2020-11765
An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read...
SUSE CVE-2021-23215
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR...
Debian DSA-5299-1 : openexr - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5299 advisory. Multiple security vulnerabilities have been found in OpenEXR, command-line tools and a library for the OpenEXR image format. Buffer overflows or out-of-bound read...
A vulnerability in the DwaCompressor component of OpenEXR, software for storing image files with a wide dynamic range of brightness levels, leads to uncontrolled resource consumption. This allows attackers to cause system failures.
A vulnerability in the DwaCompressor component of OpenEXR, software for storing image files with a wide dynamic range of brightness levels, is related to integer overflow. Exploiting this vulnerability could allow an attacker to cause a service failure...
Denial Of Service (DoS)
openexr:stretch is vulnerable to denial of service. An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR. An attacker could use this flaw to crash an application compiled with OpenEXR...
OESA-2021-1238 OpenEXR security update
OpenEXR is a high dynamic-range (HDR) image file format originally developed by Industrial Light & Magic for use in computer imaging applications. Security Fixes: An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker...
Ubuntu 18.04 LTS : OpenEXR vulnerabilities (USN-4996-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4996-1 advisory. It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a...
DEBIAN-CVE-2021-26260
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215...