This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Openexr First view 2022-01-01
Product Openexr Last view 2022-03-25
Version 3.1.2 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:openexr:openexr

Activity : Overall

Related : CVE

  Date Alert Description
6.5 2022-03-25 CVE-2021-3941

In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.

5.5 2022-01-01 CVE-2021-45942

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-787 Out-of-bounds Write
50% (1) CWE-369 Divide By Zero