CVE-2020-18430

tinyexr 0.9.5 was discovered to contain an array index error in the tinyexr::DecodeEXRImage component, which can lead to a denial of service (DOS).

CVE-2020-18428

tinyexr commit 0.9.5 was discovered to contain an array index error in the tinyexr::SaveEXR component, which can lead to a denial of service (DOS).

CVE-2018-12687

tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h.

CVE-2020-19490

tinyexr 0.9.5 has a integer overflow over-write in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code.

CVE-2018-12064

tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChannelInfo in tinyexr.h.

CVE-2018-12503

tinyexr 0.9.5 has a heap-based buffer over-read in LoadEXRImageFromMemory in tinyexr.h.

CVE-2018-12093

tinyexr 0.9.5 has a memory leak in ParseEXRHeaderFromMemory in tinyexr.h.

CVE-2018-12688

tinyexr 0.9.5 has a segmentation fault in the wav2Decode function.

CVE-2018-12504

tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tinyexr.h.

CVE-2018-12092

tinyexr 0.9.5 has a heap-based buffer over-read in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code.

CVE-2018-20652

An attempted excessive memory allocation was discovered in the function tinyexr::AllocateImage in tinyexr.h in tinyexr v0.9.5. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted input, which leads to an out-of-memory exception.