13 matches found
CVE-2020-18430
The CVE-2020-18430 entry concerns tinyexr 0.9.5 and a vulnerability in the tinyexr::DecodeEXRImage component caused by an array index error that can lead to a denial of service. Affected software is specified as tinyexr 0.9.5; the underlying cause is an array indexing bug in the DecodeEXRImage pa...
CVE-2020-18428
The CVE-2020-18428 vulnerability affects the tinyexr library (commit 0.9.5) due to an array index error in the tinyexr::SaveEXR component, which can lead to a denial of service. The connected documents provide the affected component and impact but do not specify a concrete patch version or remedi...
CVE-2022-34300
CVE-2022-34300 affects tinyexr 1.0.1, where a heap-based buffer over-read in tinyexr::DecodePixelData is reported. The vulnerability can lead to information disclosure and adverse impacts on availability/integrity as per CVSS vectors from NVD (CVE-2022-34300; CVSS v3.1: High, LAN, no privileges, ...
CVE-2018-12687
CVE-2018-12687 affects tinyexr 0.9.5, with an assertion failure in DecodePixelData (tinyexr.h). Root cause is a boundary/logic assertion in decoding pixel data. In the provided documents, CVSS metrics show a high impact on availability (CVSS-3 base score 7.5) but no explicit exploitation details ...
CVE-2020-19490
CVE-2020-19490 affects tinyexr 0.9.5. The vulnerability is an integer overflow overwrite in tinyexr::DecodePixelData defined in tinyexr.h, related to OpenEXR code. The connected documents do not provide explicit impact details, and no remediation patch/version is stated in the provided data.
CVE-2022-38529
CVE-2022-38529 corresponds to tinyexr where a heap-buffer overflow exists in rleUncompress due to commit 0647fb3. The CVSSv3.1 base score is 7.8 (HIGH) with LOCAL attack vector and user interaction required. Connected sources corroborate the same flaw across NVD, OSV, Debian/Ubuntu trackers and N...
CVE-2018-12064
CVE-2018-12064 affects the tinyexr library, specifically version 0.9.5. The vulnerability is a heap-based buffer over-read in the function tinyexr::ReadChannelInfo (in tinyexr.h), due to improper bounds handling. Affected impact indicates potential exposure of memory contents (out-of-bounds read)...
CVE-2018-12503
Summary: CVE-2018-12503 affects tinyexr 0.9.5 and is a heap-based buffer over-read in LoadEXRImageFromMemory (tinyexr.h). The primary sources describe a heap-based over-read vulnerability in tinyexr 0.9.5; ISO/Risk details are supported by CVSS metrics (NVD: CVSS v2 base 7.5 HIGH; CVSS v3 base 9....
CVE-2018-12688
CVE-2018-12688 affects tinyexr 0.9.5, with a segmentation fault in the wav2Decode function. The connected records consistently state this is a bug in tinyexr 0.9.5 and identify the wav2Decode routine as the vulnerable component. No public details about a root cause, exploit, or specific impact su...
CVE-2018-12093
CVE-2018-12093 affects tinyexr 0.9.5, with a memory leak in the function ParseEXRHeaderFromMemory in tinyexr.h. The connected documents consistently describe a memory-leak vulnerability without detailing the exact exploit or root cause beyond that leak. Exploitation details are not provided. Rem...
CVE-2018-12092
CVE-2018-12092 affects tinyexr 0.9.5, with a heap-based buffer over-read in tinyexr::DecodePixelData (tinyexr.h). Publicly reported descriptions in CNVD-2018-14428 and NVD confirm a buffer over-read related to OpenEXR code. The CNVD entry explicitly describes a vulnerability in tinyexr 0.9.5 and ...
CVE-2018-12504
CVE-2018-12504 affects tinyexr 0.9.5, with an assertion failure in ComputeChannelLayout in tinyexr.h. The issue is documented across multiple sources (NVD, Red Hat, CNVD, CNVD-like entries, OSV, etc.). The vulnerability centers on tinyexr 0.9.5 and its ComputeChannelLayout function; exploitation ...
CVE-2018-20652
CVE-2018-20652 affects tinyexr v0.9.5 and is caused by an attempted excessive memory allocation in tinyexr::AllocateImage in tinyexr.h. This memory over-allocation can enable a denial-of-service via crafted input leading to an out-of-memory exception. Documents across NVD, OSV, CVE listings, and ...