Summary
| Detail | |||
|---|---|---|---|
| Vendor | Tinyexr Project | First view | 2018-06-08 |
| Product | Tinyexr | Last view | 2022-09-06 |
| Version | Type | Application | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
| CPE Name | Affected CVE |
|---|---|
| cpe:2.3:a:tinyexr_project:tinyexr:0.9.5:*:*:*:*:*:*:* | 11 |
| cpe:2.3:a:tinyexr_project:tinyexr:1.0.1:*:*:*:*:*:*:* | 1 |
| cpe:2.3:a:tinyexr_project:tinyexr:2022-06-28:*:*:*:*:*:*:* | 1 |
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2022-09-06 | CVE-2022-38529 | tinyexr commit 0647fb3 was discovered to contain a heap-buffer overflow via the component rleUncompress. |
| 8.8 | 2022-06-23 | CVE-2022-34300 | In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData. |
| 7.5 | 2021-07-26 | CVE-2020-18430 | tinyexr 0.9.5 was discovered to contain an array index error in the tinyexr::DecodeEXRImage component, which can lead to a denial of service (DOS). |
| 7.5 | 2021-07-26 | CVE-2020-18428 | tinyexr commit 0.9.5 was discovered to contain an array index error in the tinyexr::SaveEXR component, which can lead to a denial of service (DOS). |
| 5.5 | 2021-07-21 | CVE-2020-19490 | tinyexr 0.9.5 has a integer overflow over-write in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code. |
| 6.5 | 2019-01-01 | CVE-2018-20652 | An attempted excessive memory allocation was discovered in the function tinyexr::AllocateImage in tinyexr.h in tinyexr v0.9.5. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted input, which leads to an out-of-memory exception. |
| 9.8 | 2018-06-22 | CVE-2018-12688 | tinyexr 0.9.5 has a segmentation fault in the wav2Decode function. |
| 7.5 | 2018-06-22 | CVE-2018-12687 | tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h. |
| 7.5 | 2018-06-16 | CVE-2018-12504 | tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tinyexr.h. |
| 9.8 | 2018-06-16 | CVE-2018-12503 | tinyexr 0.9.5 has a heap-based buffer over-read in LoadEXRImageFromMemory in tinyexr.h. |
| 7.5 | 2018-06-11 | CVE-2018-12093 | tinyexr 0.9.5 has a memory leak in ParseEXRHeaderFromMemory in tinyexr.h. |
| 9.8 | 2018-06-11 | CVE-2018-12092 | tinyexr 0.9.5 has a heap-based buffer over-read in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code. |
| 9.8 | 2018-06-08 | CVE-2018-12064 | tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChannelInfo in tinyexr.h. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 30% (4) | CWE-125 | Out-of-bounds Read |
| 15% (2) | CWE-617 | Reachable Assertion |
| 15% (2) | CWE-129 | Improper Validation of Array Index |
| 7% (1) | CWE-787 | Out-of-bounds Write |
| 7% (1) | CWE-772 | Missing Release of Resource after Effective Lifetime |
| 7% (1) | CWE-770 | Allocation of Resources Without Limits or Throttling |
| 7% (1) | CWE-190 | Integer Overflow or Wraparound |
| 7% (1) | CWE-20 | Improper Input Validation |
