openexr@3.3.0 vulnerabilities

Python bindings for the OpenEXR image file format

  • latest version

    3.3.5

  • latest non vulnerable version

  • first published

    16 years ago

  • latest version published

    9 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the openexr package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Heap-based Buffer Overflow

    OpenEXR is a package of Python bindings for the OpenEXR image file format.

    Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the undo_zip_impl function during a write operation when decompressing ZIPS-packed deep scan-line EXR files. An attacker can write arbitrary data to the heap and potentially execute code by supplying a specially crafted EXR file with a forged chunk header.

    How to fix Heap-based Buffer Overflow?

    Upgrade OpenEXR to version 3.3.3 or higher.

    [3.3.0,3.3.3)