Shodan
Vulnerabilities
Vulnerable Software
Openexr:  >> Openexr  >> 1.0.7  Security Vulnerabilities
CVE-2021-26945
An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
CVSS Score
5.5
EPSS Score
0.003
Published
2021-06-08
CVE-2021-23169
A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.
CVSS Score
8.8
EPSS Score
0.003
Published
2021-06-08
CVE-2021-23215
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-06-08
CVE-2021-26260
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-06-08
CVE-2021-20296
A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-04-01
CVE-2021-3477
There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-03-31
CVE-2021-3478
There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-03-31
CVE-2021-3479
There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-03-31
CVE-2021-3475
There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-03-30
CVE-2021-3476
A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-03-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved