Peter Hillman - Security Researcher - Exploit Intelligence Platform

CVE-2020-16588 WRITEUP MEDIUM WRITEUP

Openexr - NULL Pointer Dereference

A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.

CVSS 5.5

View Code

CVE-2020-16589 WRITEUP MEDIUM WRITEUP

Openexr - Out-of-Bounds Write

A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.

CVSS 5.5

View Code

CVE-2021-20298 WRITEUP HIGH WRITEUP

Openexr < 2.5.7 - Out-of-Bounds Write

A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.

CVSS 7.5

View Code

CVE-2021-45942 WRITEUP MEDIUM WRITEUP

OpenEXR <3.1.4 - Buffer Overflow

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.

CVSS 5.5

View Code