Lucene search
+L

171 matches found

Snyk
Snyk
added 2025/08/26 5:25 p.m.1 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the bytesperline parameter in the ReadBMPImage function. An attacker can execute arbitrary code or cause a denial of service by supplying crafted input that triggers a 32-bit integer overflow, leading ...

8.8CVSS8.1AI score0.00794EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/08/26 5:25 p.m.2 views

CVE-2025-57803 ImageMagick (WriteBMPImage): 32-bit integer overflow when writing BMP scanline stride → heap buffer overflow

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses bytesperline stride to a tiny value while the...

7.5CVSS7AI score0.00794EPSS
Exploits1References3
OSV
OSV
added 2025/08/26 4:7 p.m.5 views

GHSA-MXVV-97WH-CFMM ImageMagick (WriteBMPImage): 32-bit integer overflow when writing BMP scanline stride → heap buffer overflow

Summary A 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses bytesperline stride to a tiny value while the per-row writer still emits 3 × width bytes for 24-bpp images. The row base pointer advances using the overflowed stride, so the first row immediately writes...

7.5CVSS7.9AI score0.00794EPSS
Exploits1References6
Veracode
Veracode
added 2025/08/18 9:8 a.m.5 views

Denial Of Service (DoS)

OpenEXR is vulnerable to Denial Of Service DoS. The vulnerability is due to a NULL pointer dereference due to improper handling of deep scanline images with large sample counts in reduceMemory mode...

6.2CVSS7AI score0.00198EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2025/08/18 8:21 a.m.4 views

Heap-based Buffer Overflow

OpenEXR is vulnerable to Heap-based Buffer Overflow. The vulnerability is due to improper memory handling due to a maliciously forged chunk header when decompressing ZIPS-packed deep scan-line EXR files...

8.4CVSS5.9AI score0.00312EPSS
Exploits1References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-48071

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3...

8.4CVSS5.9AI score0.00312EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-48072

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 i...

9.1CVSS6.1AI score0.00496EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-48073

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3....

6.2CVSS5.9AI score0.00198EPSS
Exploits1References2
CNVD
CNVD
added 2025/08/11 12:0 a.m.3 views

OpenEXR code issue vulnerability (CNVD-2025-24797)

OpenEXR is a high dynamic range image file format designed for the movie industry. A null pointer dereference vulnerability exists in OpenEXR version 3.3.2 when reading a deep scanline image containing a large number of sample points in reduceMemory mode, which stems from a null pointer exception...

6.2CVSS6.8AI score0.00198EPSS
Exploits1References1
CNVD
CNVD
added 2025/08/11 12:0 a.m.3 views

OpenEXR Buffer Overflow Vulnerability (CNVD-2025-24799)

OpenEXR is an open standard for high dynamic range image HDR file formats. A heap buffer overflow vulnerability exists in OpenEXR versions 3.3.0 through 3.3.2 when decompressing ZIPS-compressed deep scanline EXR files, which originates from a write operation out of bounds when processing...

8.4CVSS8.1AI score0.00312EPSS
Exploits1References1
CNVD
CNVD
added 2025/08/11 12:0 a.m.4 views

OpenEXR Buffer Overflow Vulnerability (CNVD-2025-24798)

OpenEXR is an open standard for high dynamic range image HDR file formats. A buffer overflow vulnerability exists in OpenEXR version 3.3.2, which stems from incorrect pointer arithmetic leading to an out-of-bounds read operation when decompressing a DWAA compressed scanline EXR file with...

9.1CVSS7.7AI score0.00496EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2025/08/04 11:22 p.m.4 views

SUSE CVE-2025-48071

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files...

6.1CVSS7.3AI score0.00312EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2025/08/04 11:22 p.m.5 views

SUSE CVE-2025-48073

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a...

3.3CVSS6.8AI score0.00198EPSS
Exploits1References3
OSV
OSV
added 2025/08/04 12:8 a.m.4 views

OSV-2025-597 Heap-buffer-overflow in generic_unpack

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=435779241 Crash type: Heap-buffer-overflow READ 2 Crash state: genericunpack exrdecodingrun Imf34::ScanLineProcess::rundecode...

7AI score
Exploits0References1
OSV
OSV
added 2025/07/31 9:15 p.m.13 views

UBUNTU-CVE-2025-48073

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a...

6.2CVSS5.8AI score0.00198EPSS
Exploits1References4
OSV
OSV
added 2025/07/31 9:15 p.m.11 views

UBUNTU-CVE-2025-48071

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files...

8.4CVSS6.1AI score0.00312EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/07/31 8:25 p.m.6 views

CVE-2025-48073

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a...

6.2CVSS7.2AI score0.00198EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/07/31 8:18 p.m.5 views

CVE-2025-48072

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR...

9.1CVSS7.6AI score0.00496EPSS
Exploits1
Snyk
Snyk
added 2025/07/31 7:21 p.m.1 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the ScanLineProcess::runfill function when processing deep scanline images with large sample counts in reduceMemory mode. An attacker can cause the application to crash by providing a specially crafted image...

6.2CVSS6.6AI score0.00198EPSS
Exploits1References2
Snyk
Snyk
added 2025/07/31 7:21 p.m.3 views

NULL Pointer Dereference

Overview OpenEXR is a Python bindings for the OpenEXR image file format Affected versions of this package are vulnerable to NULL Pointer Dereference via the ScanLineProcess::runfill function when processing deep scanline images with large sample counts in reduceMemory mode. An attacker can cause...

6.2CVSS6.9AI score0.00198EPSS
Exploits1References2
Rows per page
Query Builder