Openexr: >> Openexr >> 3.0.5 Security Vulnerabilities
An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp.
CVSS Score
3.3
EPSS Score
0.0
Published
2024-04-08
Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.
CVSS Score
9.1
EPSS Score
0.007
Published
2024-02-01
An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-03-25