openexr@3.4.8

Python bindings for the OpenEXR image file format

  • latest version

    3.4.9

  • latest non vulnerable version

  • first published

    16 years ago

  • latest version published

    13 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the openexr package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Integer Overflow or Wraparound

    OpenEXR is a set of Python bindings for the OpenEXR image file format.

    Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the generic_unpack function when parsing EXR files containing a crafted negative value for dataWindow.min.x. An attacker can cause the process to terminate unexpectedly by supplying a specially crafted EXR file that triggers a signed integer overflow during image width calculation.

    How to fix Integer Overflow or Wraparound?

    Upgrade OpenEXR to version 3.3.9, 3.4.9 or higher.

    [3.2.3,3.3.9) [3.4.0,3.4.9)
    • H
    Incorrect Type Conversion or Cast

    OpenEXR is a set of Python bindings for the OpenEXR image file format.

    Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast in the LossyDctDecoder_execute process when decoding DWA or DWAB-compressed files containing FLOAT-type channels. An attacker can cause undefined behavior, potentially leading to application crashes or unintended code execution, by supplying specially crafted EXR files that trigger misaligned memory writes. This is only exploitable if the target system enforces strict memory alignment (such as ARM or RISC-V architectures), or if compiler optimizations assume aligned access.

    How to fix Incorrect Type Conversion or Cast?

    Upgrade OpenEXR to version 3.2.7, 3.3.9, 3.4.9 or higher.

    [3.2.3,3.2.7) [3.3.0,3.3.9) [3.4.0,3.4.9)
    • M
    Integer Overflow or Wraparound

    OpenEXR is a set of Python bindings for the OpenEXR image file format.

    Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the undo_pxr24_impl function. An attacker can cause memory corruption and potentially execute arbitrary code by providing a specially crafted EXR file that triggers a signed integer overflow, leading to a bounds-check bypass and out-of-bounds write during PXR24 decompression.

    How to fix Integer Overflow or Wraparound?

    Upgrade OpenEXR to version 3.2.7, 3.3.9, 3.4.9 or higher.

    [3.2.3,3.2.7) [3.3.0,3.3.9) [3.4.0,3.4.9)
    • H
    Out-of-bounds Write

    OpenEXR is a set of Python bindings for the OpenEXR image file format.

    Affected versions of this package are vulnerable to Out-of-bounds Write through the LossyDctDecoder_execute process. An attacker can cause a crash or denial of service by providing a crafted scanline DWAA file that triggers an integer overflow, resulting in a heap out-of-bounds write during decoding.

    How to fix Out-of-bounds Write?

    Upgrade OpenEXR to version 3.2.7, 3.3.9, 3.4.9 or higher.

    [3.2.3,3.2.7) [3.3.0,3.3.9) [3.4.0,3.4.9)
    • H
    Out-of-bounds Write

    OpenEXR is a set of Python bindings for the OpenEXR image file format.

    Affected versions of this package are vulnerable to Out-of-bounds Write through the internal_exr_undo_piz process. An attacker can cause out-of-bounds memory access, leading to potential memory corruption or process crash, by supplying a specially crafted EXR file that triggers signed integer overflow and subsequent invalid buffer operations.

    How to fix Out-of-bounds Write?

    Upgrade OpenEXR to version 3.2.7, 3.3.9, 3.4.9 or higher.

    [3.2.3,3.2.7) [3.3.0,3.3.9) [3.4.2,3.4.9)