Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/74400?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/74400?format=api", "purl": "pkg:pypi/openexr@3.4.6", "type": "pypi", "namespace": "", "name": "openexr", "version": "3.4.6", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.2.1", "latest_non_vulnerable_version": "3.4.6", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50521?format=api", "vulnerability_id": "VCID-qn33-asyh-y3hw", "summary": "OpenEXR's CompositeDeepScanLine integer-overflow leads to heap OOB write\nFunction: `CompositeDeepScanLine::readPixels`, reachable from high-level multipart deep read flows (`MultiPartInputFile` + `DeepScanLineInputPart` + `CompositeDeepScanLine`).\n\nVulnerable lines (`src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp`):\n- `total_sizes[ptr] += counts[j][ptr];` (line ~511)\n- `overall_sample_count += total_sizes[ptr];` (line ~514)\n- `samples[channel].resize (overall_sample_count);` (line ~535)\n\nImpact: 32-bit sample-count accumulation wrap leads to undersized allocation, then decode writes with true sample volume, causing heap OOB write in `generic_unpack_deep_pointers` (`src/lib/OpenEXRCore/unpack.c:1374`) (DoS/Crash, memory corruption/RCE).\n\nAttack scenario:\n- Attacker provides multipart deep EXR with many parts and very large sample counts per pixel.\n- Uses compression (RLE/ZIPS) to keep file size relatively small vs decode pressure.\n- The overflow happens in composite sample accounting (`unsigned int`), while pointer progression for decode uses larger counters and reaches out-of-bounds.\n\nTested on: `OpenEXR 4.0.0-dev` (commit 83449669402080874b25ff1fa740649a9e6ea064) but this code has existed since v2.3.0", "references": [ { "reference_url": "https://github.com/AcademySoftwareFoundation/openexr", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/AcademySoftwareFoundation/openexr" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27622", "reference_id": "CVE-2026-27622", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27622" }, { "reference_url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-cr4v-6jm6-4963", "reference_id": "GHSA-cr4v-6jm6-4963", "reference_type": "", "scores": [], "url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-cr4v-6jm6-4963" }, { "reference_url": "https://github.com/advisories/GHSA-cr4v-6jm6-4963", "reference_id": "GHSA-cr4v-6jm6-4963", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cr4v-6jm6-4963" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74398?format=api", "purl": "pkg:pypi/openexr@3.2.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openexr@3.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/74399?format=api", "purl": "pkg:pypi/openexr@3.3.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openexr@3.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/74400?format=api", "purl": "pkg:pypi/openexr@3.4.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openexr@3.4.6" } ], "aliases": [ "CVE-2026-27622", "GHSA-cr4v-6jm6-4963" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qn33-asyh-y3hw" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openexr@3.4.6" }