openexr@3.3.2 vulnerabilities

Python bindings for the OpenEXR image file format

  • latest version

    3.3.5

  • latest non-vulnerable version

  • first published

    16 years ago

  • latest version published

    9 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the openexr package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version

    • [High] Heap-based Buffer Overflow

    OpenEXR provides Python bindings for the OpenEXR image file format.

    Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the undo_zip_impl function during a write operation when decompressing ZIPS-packed deep scan-line EXR files. An attacker can write arbitrary data to the heap and potentially execute code by supplying a specially crafted EXR file with a forged chunk header.

    How to fix Heap-based Buffer Overflow?

    Upgrade OpenEXR to version 3.3.3 or higher.

    Vulnerable versions: [3.3.0,3.3.3)

    • [Low] Allocation of Resources Without Limits or Throttling

    OpenEXR provides Python bindings for the OpenEXR image file format.

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via unbounded values in the dataWindow header field. An attacker can exhaust system memory or cause the application to crash by supplying specially crafted files with excessively large header values that trigger uncontrolled memory allocation and excessive iteration.

    Note: This issue affects only macOS or GNU/Linux systems.

    How to fix Allocation of Resources Without Limits or Throttling?

    Upgrade OpenEXR to version 3.3.3 or higher.

    Vulnerable versions: [3.3.2,3.3.3)

    • [Low] NULL Pointer Dereference

    OpenEXR provides Python bindings for the OpenEXR image file format.

    Affected versions of this package are vulnerable to NULL Pointer Dereference via the ScanLineProcess::run_fill function when processing deep scanline images with large sample counts in reduceMemory mode. An attacker can cause the application to crash by providing a specially crafted image file that triggers a NULL pointer dereference during a write operation.

    How to fix NULL Pointer Dereference?

    Upgrade OpenEXR to version 3.3.3 or higher.

    Vulnerable versions: [3.3.2,3.3.3)

    • [Medium] Out-of-bounds Read

    OpenEXR provides Python bindings for the OpenEXR image file format.

    Affected versions of this package are vulnerable to Out-of-bounds Read in the LossyDctDecoder_execute function. An attacker can cause the application to crash or potentially leak sensitive information by providing a specially crafted DWAA-packed scan-line EXR file with a malicious chunk that triggers out-of-bounds heap reads.

    How to fix Out-of-bounds Read?

    Upgrade OpenEXR to version 3.3.3 or higher.

    Vulnerable versions: [3.3.2,3.3.3)