VulnerableCode Package Details - pkg:conan/openexr@2.5.4

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2mjs-t6hr-6kck	Floating Point Comparison with Incorrect Operator A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability.	CVE-2021-20302
VCID-71da-vybz-2kat	NULL Pointer Dereference A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.	CVE-2021-20299
VCID-ff42-1sjm-d7dm	Integer Overflow or Wraparound A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.	CVE-2021-20303
VCID-tuzb-thjx-sbdy	Integer Overflow or Wraparound A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability.	CVE-2021-20300

Vulnerability

Summary

Aliases

VCID-2mjs-t6hr-6kck

Floating Point Comparison with Incorrect Operator A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability.

CVE-2021-20302

VCID-71da-vybz-2kat

NULL Pointer Dereference A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

CVE-2021-20299

VCID-ff42-1sjm-d7dm

Integer Overflow or Wraparound A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.

CVE-2021-20303

VCID-tuzb-thjx-sbdy

Integer Overflow or Wraparound A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability.

CVE-2021-20300

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:41:50.089230+00:00	GitLab Importer	Fixing	VCID-71da-vybz-2kat	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/openexr/CVE-2021-20299.yml	38.6.0
2026-06-02T04:41:43.874186+00:00	GitLab Importer	Fixing	VCID-ff42-1sjm-d7dm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/openexr/CVE-2021-20303.yml	38.6.0
2026-06-02T04:41:43.840123+00:00	GitLab Importer	Fixing	VCID-tuzb-thjx-sbdy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/openexr/CVE-2021-20300.yml	38.6.0
2026-06-02T04:41:43.670178+00:00	GitLab Importer	Fixing	VCID-2mjs-t6hr-6kck	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/openexr/CVE-2021-20302.yml	38.6.0