VulnerableCode Package Details - pkg:conan/openexr@3.1.4

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4ztd-m43n-7fas	Divide By Zero In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.	CVE-2021-3941
VCID-5h3s-6g7x-y7ev	arbitrary code execution	CVE-2021-3598
VCID-9225-wpup-z3h6	Out-of-bounds Write OpenEXR has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.	CVE-2021-45942
VCID-sjx2-83vv-mqgu	arbitrary code execution	CVE-2021-3605
VCID-wqnd-x1rf-a7dv	Integer Overflow or Wraparound An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.	CVE-2021-3933

Vulnerability

Summary

Aliases

VCID-4ztd-m43n-7fas

Divide By Zero In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.

CVE-2021-3941

VCID-5h3s-6g7x-y7ev

arbitrary code execution

CVE-2021-3598

VCID-9225-wpup-z3h6

Out-of-bounds Write OpenEXR has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.

CVE-2021-45942

VCID-sjx2-83vv-mqgu

arbitrary code execution

CVE-2021-3605

VCID-wqnd-x1rf-a7dv

Integer Overflow or Wraparound An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.

CVE-2021-3933

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:41:53.367445+00:00	GitLab Importer	Fixing	VCID-wqnd-x1rf-a7dv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/openexr/CVE-2021-3933.yml	38.6.0
2026-06-02T04:41:53.225484+00:00	GitLab Importer	Fixing	VCID-4ztd-m43n-7fas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/openexr/CVE-2021-3941.yml	38.6.0
2026-06-02T04:40:48.646150+00:00	GitLab Importer	Fixing	VCID-9225-wpup-z3h6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/openexr/CVE-2021-45942.yml	38.6.0
2026-06-02T04:39:49.872549+00:00	GitLab Importer	Fixing	VCID-sjx2-83vv-mqgu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/openexr/CVE-2021-3605.yml	38.6.0
2026-06-02T04:39:27.793443+00:00	GitLab Importer	Fixing	VCID-5h3s-6g7x-y7ev	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/openexr/CVE-2021-3598.yml	38.6.0