Information on source package openexr

Available versions

ReleaseVersion
jessie1.6.1-8+deb8u3
stretch2.2.0-11+deb9u4
buster2.2.1-4.1+deb10u2
bullseye2.5.4-2+deb11u1
bookworm3.1.5-5
trixie3.1.5-5.1
sid3.1.5-5.1

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2024-31047fixedvulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableAn issue in Academy Software Foundation openexr v.3.2.3 and before all ...
CVE-2023-5841fixedfixedfixedfixedvulnerable (no DSA)vulnerablevulnerableDue to a failure in validating the number of scanline samples of a Ope ...
CVE-2021-45942vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedfixedfixedOpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1 ...
CVE-2021-20298vulnerable (no DSA, postponed)vulnerable (no DSA, postponed)fixedfixedfixedfixedfixedA flaw was found in OpenEXR's B44Compressor. This flaw allows an attac ...
CVE-2021-3941vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedfixedfixedIn ImfChromaticities.cpp routine RGBtoXYZ(), there are some division o ...
CVE-2021-3478vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedfixedThere's a flaw in OpenEXR's scanline input file functionality in versi ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2021-26945vulnerablevulnerablevulnerablevulnerablefixedfixedfixedAn integer overflow leading to a heap-buffer overflow was found in Ope ...
CVE-2021-20304vulnerablevulnerablevulnerablefixedfixedfixedfixedA flaw was found in OpenEXR's hufDecode functionality. This flaw allow ...
CVE-2018-18443vulnerablevulnerablevulnerablefixedfixedfixedfixedOpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/Ilm ...
CVE-2017-14988vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerableHeader::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remot ...

Resolved issues

BugDescription
CVE-2021-26260An integer overflow leading to a heap-buffer overflow was found in the ...
CVE-2021-23215An integer overflow leading to a heap-buffer overflow was found in the ...
CVE-2021-23169A heap-buffer overflow was found in the copyIntoFrameBuffer function o ...
CVE-2021-20303A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cp ...
CVE-2021-20302A flaw was found in OpenEXR's TiledInputFile functionality. This flaw ...
CVE-2021-20300A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/I ...
CVE-2021-20299A flaw was found in OpenEXR's Multipart input file functionality. A cr ...
CVE-2021-20296A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted i ...
CVE-2021-3933An integer overflow could occur when OpenEXR processes a crafted file ...
CVE-2021-3605There's a flaw in OpenEXR's rleUncompress functionality in versions pr ...
CVE-2021-3598There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in ...
CVE-2021-3479There's a flaw in OpenEXR's Scanline API functionality in versions bef ...
CVE-2021-3477There's a flaw in OpenEXR's deep tile sample size calculations in vers ...
CVE-2021-3476A flaw was found in OpenEXR's B44 uncompression functionality in versi ...
CVE-2021-3475There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker ...
CVE-2021-3474There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted inp ...
CVE-2020-16589A head-based buffer overflow exists in Academy Software Foundation Ope ...
CVE-2020-16588A Null Pointer Deference issue exists in Academy Software Foundation O ...
CVE-2020-16587A heap-based buffer overflow vulnerability exists in Academy Software ...
CVE-2020-15306An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount a ...
CVE-2020-15305An issue was discovered in OpenEXR before 2.5.2. Invalid input could c ...
CVE-2020-15304An issue was discovered in OpenEXR before 2.5.2. An invalid tiled inpu ...
CVE-2020-11765An issue was discovered in OpenEXR before 2.4.1. There is an off-by-on ...
CVE-2020-11764An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...
CVE-2020-11763An issue was discovered in OpenEXR before 2.4.1. There is an std::vect ...
CVE-2020-11762An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...
CVE-2020-11761An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...
CVE-2020-11760An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...
CVE-2020-11759An issue was discovered in OpenEXR before 2.4.1. Because of integer ov ...
CVE-2020-11758An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...
CVE-2018-18444makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bound ...
CVE-2017-12596In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read ...
CVE-2017-9116In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function ...
CVE-2017-9115In OpenEXR 2.2.0, an invalid write of size 2 in the = operator functio ...
CVE-2017-9114In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ...
CVE-2017-9113In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels ...
CVE-2017-9112In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ...
CVE-2017-9111In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function ...
CVE-2017-9110In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function ...
CVE-2009-1722Heap-based buffer overflow in the compression implementation in OpenEX ...
CVE-2009-1721The decompression implementation in the Imf::hufUncompress function in ...
CVE-2009-1720Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-de ...

Security announcements

DSA / DLADescription
DLA-3236-1openexr - security update
DSA-5299-1openexr - security update
DLA-2732-1openexr - security update
ELA-469-1openexr - security update
DLA-2701-1openexr - security update
ELA-453-1openexr - security update
ELA-333-1openexr - security update
DLA-2491-1openexr - security update
DLA-2358-1openexr - security update
DSA-4755-1openexr - security update
DLA-1083-1openexr - security update
DSA-1842-1openexr - several vulnerabilities

Search for package or bug name: Reporting problems