Debian Openexr vulnerabilities

CVE-2024-31047 [LOW] CVE-2024-31047: openexr - An issue in Academy Software Foundation openexr v.3.2.3 and before allows a loca... An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 3.1.13-1) sid: resolved (fixed in 3.1.13-1) trixie: resolved (fixed in 3.1.13-1)

CVE-2023-5841 [CRITICAL] CVE-2023-5841: openexr - Due to a failure in validating the number of scanline samples of a OpenEXR file ... Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library. Scope: local bookworm: open b

CVE-2021-23169 [HIGH] CVE-2021-23169: openexr - A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR ... A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR. Scope: local bookworm: resolved (fixed in 2.5.4-2) bullseye: resolved (fixed in 2.5.4-2) forky: resolved (fixed in 2.5.4-

CVE-2021-20299 [HIGH] CVE-2021-20299: openexr - A flaw was found in OpenEXR's Multipart input file functionality. A crafted mult... A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability. Scope: local bookworm: resolved (fixed in 2.5.4-1) bullseye: resolved (fixed in 2.5.4-1) forky: resolved (fixed in 2.5.4-1) sid: resolved (

CVE-2021-20298 [HIGH] CVE-2021-20298: openexr - A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who ca... A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability. Scope: local bookworm: resolved (fixed in 2.5.4-1) bullseye: resolved (fixed in 2.5.4-1) forky: resolved (fixed i

CVE-2021-3933 [MEDIUM] CVE-2021-3933: openexr - An integer overflow could occur when OpenEXR processes a crafted file on systems... An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths. Scope: local bookworm: resolved (fixed in 3.1.5-2) bullseye: resolved (fixed in 2.5.4-2+deb11u1) forky: reso

CVE-2021-3477 [MEDIUM] CVE-2021-3477: openexr - There's a flaw in OpenEXR's deep tile sample size calculations in versions befor... There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability. Scope: local bookworm: resolved (fixed in 2.5.4-1) bu

CVE-2021-20302 [MEDIUM] CVE-2021-20302: openexr - A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an ... A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability. Scope: local bookworm: resolved (fixed in 2.5.4-1) bullseye: resolved (fixed in 2.5.4-1

CVE-2021-3474 [MEDIUM] CVE-2021-3474: openexr - There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file th... There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability. Scope: local bookworm: resolved (fixed in 2.5.4-1) bullseye: resolved (fixed in 2.5.4-1) forky: resolved (fixed in 2.5.4-1) sid: resolved (fixed i

CVE-2021-3598 [MEDIUM] CVE-2021-3598: openexr - There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions p... There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. Scope: local bookworm: resolved (fixed in 2.5.7-1) bullseye: resolved (fixed in 2.5.4-

CVE-2021-23215 [MEDIUM] CVE-2021-23215: openexr - An integer overflow leading to a heap-buffer overflow was found in the DwaCompre... An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. Scope: local bookworm: resolved (fixed in 2.5.7-1) bullseye: resolved (fixed in 2.5.4-2+deb11u1) forky: resolved (fixed in 2.5.7-1) sid: resolved (fixed in 2.5.7-1)

CVE-2021-3605 [MEDIUM] CVE-2021-3605: openexr - There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0... There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. Scope: local bookworm: resolved (fixed in 2.5.7-1) bullseye: resolved (fixed in 2.5.4-2+deb11u1)

CVE-2021-20300 [MEDIUM] CVE-2021-20300: openexr - A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfH... A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability. Scope: local bookworm: resolved (fixed in 2.5.4-1) bullseye: resolved (fixed in 2.5.4-1

CVE-2021-20296 [MEDIUM] CVE-2021-20296: openexr - A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file ... A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability. Scope: local bookworm: resolved (fixed in 2.5.4-1) bullseye: reso

CVE-2021-45942 [MEDIUM] CVE-2021-45942: openexr - OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineComp... OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable. Scope: local bookworm: resolved (fixed in 3.1.5-2) bullseye: resolved (fixed in 2.5.4-2+deb11u1) forky: resolved (fixed in 3.

CVE-2021-26260 [MEDIUM] CVE-2021-26260: openexr - An integer overflow leading to a heap-buffer overflow was found in the DwaCompre... An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215. Scope: local bookworm: resolved (fixed in 2.5.7-1) bullseye: resolved (fixed in 2.5.4-2+deb11u1) forky: resolved (fixed

CVE-2021-3941 [MEDIUM] CVE-2021-3941: openexr - In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations ... In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked wit

CVE-2021-3478 [MEDIUM] CVE-2021-3478: openexr - There's a flaw in OpenEXR's scanline input file functionality in versions before... There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability. Scope: local bookworm: resolved (fixed in 2.5.4-1) bullseye: resolved (fixed in 2.5.4-1) forky: resolved (f

CVE-2021-3476 [MEDIUM] CVE-2021-3476: openexr - A flaw was found in OpenEXR's B44 uncompression functionality in versions before... A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability. Scope: local bookworm: resolved (fixed in 2.5.4-1) bullseye: resolved (fixed in 2.5.4-1) forky: resolved (fixed in 2.5.4-1) sid: resolve

CVE-2021-20303 [MEDIUM] CVE-2021-20303: openexr - A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An atta... A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well. Scope: local boo