threatengine.sh
Product
openexr
78 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-42217
>= 3.0.0 and < 3.2.9
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion pic
9.8
CRITICAL
CVE-2026-42216
>= 3.0.0 and < 3.2.9
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion pic
9.1
CRITICAL
CVE-2026-41142
>= 3.0.0 and < 3.2.9
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion pic
8.8
HIGH
CVE-2026-40250
>= 3.2.0 and < 3.2.8
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion pic
7.1
HIGH
CVE-2026-40244
>= 3.2.0 and < 3.2.8
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion pic
7.1
HIGH
CVE-2026-39886
>= 3.4.0 and < 3.4.10
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion pic
5.3
MEDIUM
CVE-2026-34589
>= 3.2.0 and < 3.2.7
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion pic
5.0
MEDIUM
CVE-2026-34588
>= 3.1.0 and < 3.2.7
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion pic
7.8
HIGH
CVE-2026-34380
>= 3.2.0 and < 3.2.7
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion pic
5.9
MEDIUM
CVE-2026-34379
>= 3.2.0 and < 3.2.7
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion pic
7.1
HIGH
CVE-2026-34378
>= 3.4.0 and < 3.4.9
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion pic
6.5
MEDIUM
CVE-2026-34545
>= 3.4.0 and < 3.4.7
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion pic
7.3
HIGH
CVE-2026-34544
>= 3.2.0 and < 3.2.7
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion pic
7.3
HIGH
CVE-2026-34543
>= 3.2.0 and < 3.2.7
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion pic
7.5
HIGH
CVE-2026-27622
< 3.2.6
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion pic
7.8
HIGH
CVE-2026-26981
>= 3.3.0 and < 3.3.7
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion pic
6.5
MEDIUM
CVE-2025-12840
< 3.4.3
Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerab
7.8
HIGH
CVE-2025-12839
< 3.4.3
Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerab
7.8
HIGH
CVE-2025-12495
< 3.4.3
Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerab
7.8
HIGH
CVE-2025-64183
>= 3.2.0 and < 3.2.5
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion pic
7.5
HIGH
CVE-2025-64182
>= 3.2.0 and < 3.2.5
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion pic
7.8
HIGH
CVE-2025-64181
>= 3.3.0 and < 3.3.6
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion pic
7.5
HIGH
CVE-2025-48074
all versions
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion pic
5.5
MEDIUM
CVE-2025-48073
all versions
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion pic
6.2
MEDIUM
CVE-2025-48072
all versions
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion pic
9.1
CRITICAL
CVE-2025-48071
>= 3.3.0 and < 3.3.3
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion pic
7.8
HIGH
CVE-2024-31047
< 3.2.4
An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via
3.3
LOW
CVE-2023-5841
<= 3.2.1
Due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, Academy Software Fo
9.1
CRITICAL
CVE-2021-20304
<= 2.5.7
A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by
7.5
HIGH
CVE-2021-20298
<= 2.5.7
A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR
7.5
HIGH
CVE-2021-3941
all versions
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.wh
6.5
MEDIUM
CVE-2021-3933
< 3.1.2
An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an inval
5.5
MEDIUM
CVE-2021-20299
< 2.5.4
A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger
7.5
HIGH
CVE-2021-20303
< 2.5.4
A flaw was found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be pr
6.1
MEDIUM
CVE-2021-20302
< 2.5.4
A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-
5.5
MEDIUM
CVE-2021-20300
< 2.5.4
A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submi
5.5
MEDIUM
CVE-2021-45942
>= 3.1.0 and < 3.1.4
OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::Nul
5.5
MEDIUM
CVE-2021-3605
< 3.0.5
There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted fi
5.5
MEDIUM
CVE-2021-3598
< 3.0.5
There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a
5.5
MEDIUM
CVE-2021-26945
< 3.0.1
An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this fl
5.5
MEDIUM
CVE-2021-26260
< 3.0.1
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attac
5.5
MEDIUM
CVE-2021-23215
< 3.0.1
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attac
5.5
MEDIUM
CVE-2021-23169
< 3.0.1
A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use th
8.8
HIGH
CVE-2021-20296
< 2.4.3
A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the
5.3
MEDIUM
CVE-2021-3479
< 2.4.3
There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted
5.5
MEDIUM
CVE-2021-3478
< 2.4.3
There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted
5.5
MEDIUM
CVE-2021-3477
< 2.4.3
There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a
5.5
MEDIUM
CVE-2021-3476
< 2.4.3
A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a c
5.3
MEDIUM
CVE-2021-3475
< 2.4.3
There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR cou
5.3
MEDIUM
CVE-2021-3474
< 2.4.3
There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift ove
5.3
MEDIUM
CVE-2020-16589
all versions
A heap-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that c
5.5
MEDIUM
CVE-2020-16588
all versions
A Null Pointer Dereference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can
5.5
MEDIUM
CVE-2020-16587
all versions
A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in Imf
5.5
MEDIUM
CVE-2020-15306
< 2.5.2
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffs
5.5
MEDIUM
CVE-2020-15305
< 2.5.2
An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLine
5.5
MEDIUM
CVE-2020-15304
< 2.5.2
An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::
5.5
MEDIUM
CVE-2020-11765
< 2.4.1
An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompresso
5.5
MEDIUM
CVE-2020-11764
< 2.4.1
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
5.5
MEDIUM
CVE-2020-11763
< 2.4.1
An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileO
5.5
MEDIUM
CVE-2020-11762
< 2.4.1
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCo
5.5
MEDIUM
CVE-2020-11761
< 2.4.1
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by F
5.5
MEDIUM
CVE-2020-11760
< 2.4.1
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRl
5.5
MEDIUM
CVE-2020-11759
< 2.4.1
An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffe
5.5
MEDIUM
CVE-2020-11758
< 2.4.1
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.
5.5
MEDIUM
CVE-2018-18444
all versions
makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspeci
8.8
HIGH
CVE-2018-18443
all versions
OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview.
4.3
MEDIUM
CVE-2017-14988
all versions
Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory a
5.5
MEDIUM
CVE-2017-12596
all versions
In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrma
7.8
HIGH
CVE-2017-9116
all versions
In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.
6.5
MEDIUM
CVE-2017-9115
all versions
In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute
8.8
HIGH
CVE-2017-9114
all versions
In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.
6.5
MEDIUM
CVE-2017-9113
all versions
In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to
8.8
HIGH
CVE-2017-9112
all versions
In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.
6.5
MEDIUM
CVE-2017-9111
all versions
In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to
8.8
HIGH
CVE-2017-9110
all versions
In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.
6.5
MEDIUM
CVE-2009-1722
all versions
Heap-based buffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial
CVE-2009-1721
all versions
The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers
CVE-2009-1720
all versions
Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin