peterhillman

3 exploits Active since Jan 2022
CVE-2021-45942 WRITEUP MEDIUM WRITEUP
OpenEXR 3.1.0-3.1.3 - Heap-Based Buffer Overflow in LineCompositeTask
OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.
CVSS 5.5
CVE-2021-20299 WRITEUP HIGH WRITEUP
OpenEXR - Denial of Service via Multipart Input File NULL Pointer Dereference
A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.
CVSS 7.5
CVE-2021-20304 WRITEUP HIGH WRITEUP
OpenEXR < 2.5.7 - Denial of Service via hufDecode Undefined Right Shift
A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability.
CVSS 7.5