ALT-PU-2025-3676-3

Package update openexr in branch sisyphus

Version3.3.1-alt1

Published2026-02-04

Max severityCRITICAL

Severity:

Closed issues (3)

CRITICAL9.1

Уязвимость программного обеспечения для хранения изображений с широкими динамическими диапазоном яркости OpenEXR, вызванная переполнением буфера в динамической памяти, позволяющая нарушителю прочитать или записать произвольные данные

Published: 2024-03-25

CVSS 3.xCRITICAL 9.1

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS 2.0CRITICAL 9.4

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:N

References

CVE-2023-5841

CRITICAL9.1

Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.

Published: 2024-02-01Modified: 2025-11-04

CVSS 3.xCRITICAL 9.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References

LOW3.3

An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp.

Published: 2024-04-08Modified: 2025-08-13

CVSS 3.xLOW 3.3

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

References