Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

11 – 20 of 52 results


CVE-2021-3933

Medium priority

Some fixes available 4 of 23

An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability...

3 affected packages

ilmbase, openexr, povray

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ilmbase Not in release Needs evaluation Needs evaluation Not affected Not affected
openexr Not affected Fixed Fixed Fixed Fixed
povray Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-3605

Medium priority

Some fixes available 3 of 6

There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from...

1 affected packages

openexr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openexr Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2021-3598

Low priority

Some fixes available 3 of 6

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest...

1 affected packages

openexr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openexr Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2021-26945

Negligible priority
Needs evaluation

An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.

1 affected packages

openexr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openexr Needs evaluation Needs evaluation Needs evaluation Not affected Not affected
Show less packages

CVE-2021-26260

Low priority

Some fixes available 3 of 6

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from...

1 affected packages

openexr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openexr Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2021-23215

Low priority

Some fixes available 3 of 6

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.

1 affected packages

openexr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openexr Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2021-23169

Negligible priority
Needs evaluation

A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled...

1 affected packages

openexr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openexr Not affected Not affected Needs evaluation Not affected Not affected
Show less packages

CVE-2021-20296

Low priority

Some fixes available 3 of 4

A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference....

1 affected packages

openexr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openexr Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2021-3479

Medium priority
Fixed

There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an...

1 affected packages

openexr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openexr Not affected Fixed Fixed Fixed
Show less packages

CVE-2021-3478

Medium priority
Fixed

There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this...

1 affected packages

openexr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openexr Not affected Fixed Fixed Fixed
Show less packages