{"url":"http://public2.vulnerablecode.io/api/packages/516091?format=json","purl":"pkg:deb/debian/openexr@1.6.1-4.1","type":"deb","namespace":"debian","name":"openexr","version":"1.6.1-4.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.4.6+ds-2","latest_non_vulnerable_version":"3.4.6+ds-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54286?format=json","vulnerability_id":"VCID-16pc-89jd-jyck","summary":"Integer Overflow or Wraparound\nAn attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3475.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3475.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3475","reference_id":"","reference_type":"","scores":[{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.77516","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.77543","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.77552","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.77544","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.77533","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01153","scoring_system":"epss","scoring_elements":"0.78883","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3475"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939144","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3475"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986796","reference_id":"986796","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986796"},{"reference_url":"https://security.archlinux.org/AVG-1746","reference_id":"AVG-1746","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1746"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3475","reference_id":"CVE-2021-3475","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3475"},{"reference_url":"https://security.gentoo.org/glsa/202107-27","reference_id":"GLSA-202107-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-27"},{"reference_url":"https://usn.ubuntu.com/4900-1/","reference_id":"USN-4900-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4900-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2021-3475"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-16pc-89jd-jyck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54587?format=json","vulnerability_id":"VCID-18jc-a8t8-jqgh","summary":"Integer Overflow or Wraparound\nAn integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR An attacker could use this flaw to crash an application compiled with OpenEXR.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23215.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23215.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23215","reference_id":"","reference_type":"","scores":[{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.68025","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.68064","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.68049","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.68072","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.68063","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23215"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1947586","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1947586"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26260","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26260"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3941","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45942"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23215","reference_id":"CVE-2021-23215","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23215"},{"reference_url":"https://usn.ubuntu.com/4996-1/","reference_id":"USN-4996-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4996-1/"},{"reference_url":"https://usn.ubuntu.com/4996-2/","reference_id":"USN-4996-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4996-2/"},{"reference_url":"https://usn.ubuntu.com/USN-5620-1/","reference_id":"USN-USN-5620-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5620-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2021-23215"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-18jc-a8t8-jqgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54292?format=json","vulnerability_id":"VCID-1v21-5hnx-jbhq","summary":"Uncontrolled Resource Consumption\nThere's a flaw in OpenEXR's scanline input file functionality . An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3478.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3478.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3478","reference_id":"","reference_type":"","scores":[{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58773","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58802","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58825","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58817","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58819","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3478"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939160","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3478"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986796","reference_id":"986796","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986796"},{"reference_url":"https://security.archlinux.org/AVG-1746","reference_id":"AVG-1746","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1746"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3478","reference_id":"CVE-2021-3478","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3478"},{"reference_url":"https://security.gentoo.org/glsa/202107-27","reference_id":"GLSA-202107-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-27"},{"reference_url":"https://usn.ubuntu.com/4900-1/","reference_id":"USN-4900-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4900-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2021-3478"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1v21-5hnx-jbhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52507?format=json","vulnerability_id":"VCID-29pv-pzhu-zfbj","summary":"Out-of-bounds Read\nThere is an out-of-bounds read during Huffman uncompression, as demonstrated by `FastHufDecoder::refill` in `ImfFastHuf.cpp`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11761.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11761.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11761","reference_id":"","reference_type":"","scores":[{"value":"0.0037","scoring_system":"epss","scoring_elements":"0.59165","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0037","scoring_system":"epss","scoring_elements":"0.59214","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0037","scoring_system":"epss","scoring_elements":"0.59218","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0037","scoring_system":"epss","scoring_elements":"0.5921","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0037","scoring_system":"epss","scoring_elements":"0.59193","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0037","scoring_system":"epss","scoring_elements":"0.59209","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1829002","reference_id":"1829002","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1829002"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444","reference_id":"959444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11761","reference_id":"CVE-2020-11761","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11761"},{"reference_url":"https://security.gentoo.org/glsa/202107-27","reference_id":"GLSA-202107-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4039","reference_id":"RHSA-2020:4039","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4039"},{"reference_url":"https://usn.ubuntu.com/4339-1/","reference_id":"USN-4339-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4339-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516095?format=json","purl":"pkg:deb/debian/openexr@2.2.1-4.1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16pc-89jd-jyck"},{"vulnerability":"VCID-18jc-a8t8-jqgh"},{"vulnerability":"VCID-1v21-5hnx-jbhq"},{"vulnerability":"VCID-29pv-pzhu-zfbj"},{"vulnerability":"VCID-2mjs-t6hr-6kck"},{"vulnerability":"VCID-2vkx-6ytf-8kcd"},{"vulnerability":"VCID-3qpb-771k-e3fv"},{"vulnerability":"VCID-4ztd-m43n-7fas"},{"vulnerability":"VCID-5b1h-ubrs-5udw"},{"vulnerability":"VCID-5h3s-6g7x-y7ev"},{"vulnerability":"VCID-5mtn-211g-fffn"},{"vulnerability":"VCID-619d-rwc5-3ya3"},{"vulnerability":"VCID-6nd2-9m93-eydr"},{"vulnerability":"VCID-6zbn-va8u-nuew"},{"vulnerability":"VCID-71da-vybz-2kat"},{"vulnerability":"VCID-7wum-rugz-73au"},{"vulnerability":"VCID-9225-wpup-z3h6"},{"vulnerability":"VCID-9uvs-zg72-ruc1"},{"vulnerability":"VCID-9xsw-9z5g-b3b3"},{"vulnerability":"VCID-9z23-8k84-2bhs"},{"vulnerability":"VCID-a29p-2rbu-4fhh"},{"vulnerability":"VCID-a8hu-6zs3-sqd4"},{"vulnerability":"VCID-b3xm-gpxa-xfg9"},{"vulnerability":"VCID-bg5x-yv9h-1qfx"},{"vulnerability":"VCID-ca71-4ww1-nucu"},{"vulnerability":"VCID-d5ef-ymg6-n7fn"},{"vulnerability":"VCID-dstp-agrp-myhf"},{"vulnerability":"VCID-duvm-83qg-hbh7"},{"vulnerability":"VCID-f2fg-5zjx-z7dv"},{"vulnerability":"VCID-ff42-1sjm-d7dm"},{"vulnerability":"VCID-fr2z-73k7-mbca"},{"vulnerability":"VCID-k934-d8qy-4ucj"},{"vulnerability":"VCID-ndm8-v4v1-d7h9"},{"vulnerability":"VCID-q429-192m-e3dt"},{"vulnerability":"VCID-r6n7-wyje-1qac"},{"vulnerability":"VCID-sjx2-83vv-mqgu"},{"vulnerability":"VCID-tuzb-thjx-sbdy"},{"vulnerability":"VCID-vpqa-bk75-b3gz"},{"vulnerability":"VCID-vscr-wzh4-n3dz"},{"vulnerability":"VCID-wqnd-x1rf-a7dv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.2.1-4.1%252Bdeb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2020-11761"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-29pv-pzhu-zfbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96253?format=json","vulnerability_id":"VCID-2bx5-1h7d-xkg9","summary":"In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12596.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12596.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12596","reference_id":"","reference_type":"","scores":[{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67516","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67552","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67553","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67536","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67558","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67564","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12596"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12596","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12596"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483880","reference_id":"1483880","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483880"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877352","reference_id":"877352","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877352"},{"reference_url":"https://usn.ubuntu.com/4148-1/","reference_id":"USN-4148-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4148-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516095?format=json","purl":"pkg:deb/debian/openexr@2.2.1-4.1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16pc-89jd-jyck"},{"vulnerability":"VCID-18jc-a8t8-jqgh"},{"vulnerability":"VCID-1v21-5hnx-jbhq"},{"vulnerability":"VCID-29pv-pzhu-zfbj"},{"vulnerability":"VCID-2mjs-t6hr-6kck"},{"vulnerability":"VCID-2vkx-6ytf-8kcd"},{"vulnerability":"VCID-3qpb-771k-e3fv"},{"vulnerability":"VCID-4ztd-m43n-7fas"},{"vulnerability":"VCID-5b1h-ubrs-5udw"},{"vulnerability":"VCID-5h3s-6g7x-y7ev"},{"vulnerability":"VCID-5mtn-211g-fffn"},{"vulnerability":"VCID-619d-rwc5-3ya3"},{"vulnerability":"VCID-6nd2-9m93-eydr"},{"vulnerability":"VCID-6zbn-va8u-nuew"},{"vulnerability":"VCID-71da-vybz-2kat"},{"vulnerability":"VCID-7wum-rugz-73au"},{"vulnerability":"VCID-9225-wpup-z3h6"},{"vulnerability":"VCID-9uvs-zg72-ruc1"},{"vulnerability":"VCID-9xsw-9z5g-b3b3"},{"vulnerability":"VCID-9z23-8k84-2bhs"},{"vulnerability":"VCID-a29p-2rbu-4fhh"},{"vulnerability":"VCID-a8hu-6zs3-sqd4"},{"vulnerability":"VCID-b3xm-gpxa-xfg9"},{"vulnerability":"VCID-bg5x-yv9h-1qfx"},{"vulnerability":"VCID-ca71-4ww1-nucu"},{"vulnerability":"VCID-d5ef-ymg6-n7fn"},{"vulnerability":"VCID-dstp-agrp-myhf"},{"vulnerability":"VCID-duvm-83qg-hbh7"},{"vulnerability":"VCID-f2fg-5zjx-z7dv"},{"vulnerability":"VCID-ff42-1sjm-d7dm"},{"vulnerability":"VCID-fr2z-73k7-mbca"},{"vulnerability":"VCID-k934-d8qy-4ucj"},{"vulnerability":"VCID-ndm8-v4v1-d7h9"},{"vulnerability":"VCID-q429-192m-e3dt"},{"vulnerability":"VCID-r6n7-wyje-1qac"},{"vulnerability":"VCID-sjx2-83vv-mqgu"},{"vulnerability":"VCID-tuzb-thjx-sbdy"},{"vulnerability":"VCID-vpqa-bk75-b3gz"},{"vulnerability":"VCID-vscr-wzh4-n3dz"},{"vulnerability":"VCID-wqnd-x1rf-a7dv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.2.1-4.1%252Bdeb10u1"}],"aliases":["CVE-2017-12596"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2bx5-1h7d-xkg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42575?format=json","vulnerability_id":"VCID-2mjs-t6hr-6kck","summary":"Floating Point Comparison with Incorrect Operator\nA flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20302.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20302.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20302","reference_id":"","reference_type":"","scores":[{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67815","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67855","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67862","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67851","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67837","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67852","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20302"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25894","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25894"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939161","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20302"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/AcademySoftwareFoundation/openexr/pull/842","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/AcademySoftwareFoundation/openexr/pull/842"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20302","reference_id":"CVE-2021-20302","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20302"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2021-20302"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2mjs-t6hr-6kck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96264?format=json","vulnerability_id":"VCID-2vkx-6ytf-8kcd","summary":"A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20304.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20304.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20304","reference_id":"","reference_type":"","scores":[{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37381","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37473","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37478","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37446","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37407","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70895","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20304"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26229","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26229"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20304"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/AcademySoftwareFoundation/openexr/commit/51a92d67f53c08230734e74564c807043cbfe41e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/AcademySoftwareFoundation/openexr/commit/51a92d67f53c08230734e74564c807043cbfe41e"},{"reference_url":"https://github.com/AcademySoftwareFoundation/openexr/pull/849","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/AcademySoftwareFoundation/openexr/pull/849"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939157","reference_id":"1939157","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939157"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-20304","reference_id":"CVE-2021-20304","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2021-20304"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20304","reference_id":"CVE-2021-20304","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20304"},{"reference_url":"https://security.gentoo.org/glsa/202210-31","reference_id":"GLSA-202210-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-31"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2021-20304"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2vkx-6ytf-8kcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96259?format=json","vulnerability_id":"VCID-3cha-7x64-qbdd","summary":"In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9116.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9116.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9116","reference_id":"","reference_type":"","scores":[{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63036","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63082","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63078","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63065","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.6308","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63088","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9116","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9116"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455540","reference_id":"1455540","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455540"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864078","reference_id":"864078","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864078"},{"reference_url":"https://usn.ubuntu.com/4148-1/","reference_id":"USN-4148-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4148-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516095?format=json","purl":"pkg:deb/debian/openexr@2.2.1-4.1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16pc-89jd-jyck"},{"vulnerability":"VCID-18jc-a8t8-jqgh"},{"vulnerability":"VCID-1v21-5hnx-jbhq"},{"vulnerability":"VCID-29pv-pzhu-zfbj"},{"vulnerability":"VCID-2mjs-t6hr-6kck"},{"vulnerability":"VCID-2vkx-6ytf-8kcd"},{"vulnerability":"VCID-3qpb-771k-e3fv"},{"vulnerability":"VCID-4ztd-m43n-7fas"},{"vulnerability":"VCID-5b1h-ubrs-5udw"},{"vulnerability":"VCID-5h3s-6g7x-y7ev"},{"vulnerability":"VCID-5mtn-211g-fffn"},{"vulnerability":"VCID-619d-rwc5-3ya3"},{"vulnerability":"VCID-6nd2-9m93-eydr"},{"vulnerability":"VCID-6zbn-va8u-nuew"},{"vulnerability":"VCID-71da-vybz-2kat"},{"vulnerability":"VCID-7wum-rugz-73au"},{"vulnerability":"VCID-9225-wpup-z3h6"},{"vulnerability":"VCID-9uvs-zg72-ruc1"},{"vulnerability":"VCID-9xsw-9z5g-b3b3"},{"vulnerability":"VCID-9z23-8k84-2bhs"},{"vulnerability":"VCID-a29p-2rbu-4fhh"},{"vulnerability":"VCID-a8hu-6zs3-sqd4"},{"vulnerability":"VCID-b3xm-gpxa-xfg9"},{"vulnerability":"VCID-bg5x-yv9h-1qfx"},{"vulnerability":"VCID-ca71-4ww1-nucu"},{"vulnerability":"VCID-d5ef-ymg6-n7fn"},{"vulnerability":"VCID-dstp-agrp-myhf"},{"vulnerability":"VCID-duvm-83qg-hbh7"},{"vulnerability":"VCID-f2fg-5zjx-z7dv"},{"vulnerability":"VCID-ff42-1sjm-d7dm"},{"vulnerability":"VCID-fr2z-73k7-mbca"},{"vulnerability":"VCID-k934-d8qy-4ucj"},{"vulnerability":"VCID-ndm8-v4v1-d7h9"},{"vulnerability":"VCID-q429-192m-e3dt"},{"vulnerability":"VCID-r6n7-wyje-1qac"},{"vulnerability":"VCID-sjx2-83vv-mqgu"},{"vulnerability":"VCID-tuzb-thjx-sbdy"},{"vulnerability":"VCID-vpqa-bk75-b3gz"},{"vulnerability":"VCID-vscr-wzh4-n3dz"},{"vulnerability":"VCID-wqnd-x1rf-a7dv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.2.1-4.1%252Bdeb10u1"}],"aliases":["CVE-2017-9116"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3cha-7x64-qbdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52512?format=json","vulnerability_id":"VCID-3qpb-771k-e3fv","summary":"Off-by-one Error\nThere is an off-by-one error in use of the `ImfXdr.h` read function by `DwaCompressor::Classifier::Classifier`, leading to an out-of-bounds read.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11765.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11765.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11765","reference_id":"","reference_type":"","scores":[{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.59241","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.59291","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.59295","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.59286","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.59267","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.59285","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1828985","reference_id":"1828985","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1828985"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444","reference_id":"959444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11765","reference_id":"CVE-2020-11765","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11765"},{"reference_url":"https://security.gentoo.org/glsa/202107-27","reference_id":"GLSA-202107-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-27"},{"reference_url":"https://usn.ubuntu.com/4339-1/","reference_id":"USN-4339-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4339-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516095?format=json","purl":"pkg:deb/debian/openexr@2.2.1-4.1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16pc-89jd-jyck"},{"vulnerability":"VCID-18jc-a8t8-jqgh"},{"vulnerability":"VCID-1v21-5hnx-jbhq"},{"vulnerability":"VCID-29pv-pzhu-zfbj"},{"vulnerability":"VCID-2mjs-t6hr-6kck"},{"vulnerability":"VCID-2vkx-6ytf-8kcd"},{"vulnerability":"VCID-3qpb-771k-e3fv"},{"vulnerability":"VCID-4ztd-m43n-7fas"},{"vulnerability":"VCID-5b1h-ubrs-5udw"},{"vulnerability":"VCID-5h3s-6g7x-y7ev"},{"vulnerability":"VCID-5mtn-211g-fffn"},{"vulnerability":"VCID-619d-rwc5-3ya3"},{"vulnerability":"VCID-6nd2-9m93-eydr"},{"vulnerability":"VCID-6zbn-va8u-nuew"},{"vulnerability":"VCID-71da-vybz-2kat"},{"vulnerability":"VCID-7wum-rugz-73au"},{"vulnerability":"VCID-9225-wpup-z3h6"},{"vulnerability":"VCID-9uvs-zg72-ruc1"},{"vulnerability":"VCID-9xsw-9z5g-b3b3"},{"vulnerability":"VCID-9z23-8k84-2bhs"},{"vulnerability":"VCID-a29p-2rbu-4fhh"},{"vulnerability":"VCID-a8hu-6zs3-sqd4"},{"vulnerability":"VCID-b3xm-gpxa-xfg9"},{"vulnerability":"VCID-bg5x-yv9h-1qfx"},{"vulnerability":"VCID-ca71-4ww1-nucu"},{"vulnerability":"VCID-d5ef-ymg6-n7fn"},{"vulnerability":"VCID-dstp-agrp-myhf"},{"vulnerability":"VCID-duvm-83qg-hbh7"},{"vulnerability":"VCID-f2fg-5zjx-z7dv"},{"vulnerability":"VCID-ff42-1sjm-d7dm"},{"vulnerability":"VCID-fr2z-73k7-mbca"},{"vulnerability":"VCID-k934-d8qy-4ucj"},{"vulnerability":"VCID-ndm8-v4v1-d7h9"},{"vulnerability":"VCID-q429-192m-e3dt"},{"vulnerability":"VCID-r6n7-wyje-1qac"},{"vulnerability":"VCID-sjx2-83vv-mqgu"},{"vulnerability":"VCID-tuzb-thjx-sbdy"},{"vulnerability":"VCID-vpqa-bk75-b3gz"},{"vulnerability":"VCID-vscr-wzh4-n3dz"},{"vulnerability":"VCID-wqnd-x1rf-a7dv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.2.1-4.1%252Bdeb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2020-11765"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3qpb-771k-e3fv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42775?format=json","vulnerability_id":"VCID-4ztd-m43n-7fas","summary":"Divide By Zero\nIn ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3941.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3941.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3941","reference_id":"","reference_type":"","scores":[{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30792","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30864","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30831","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30797","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30766","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30783","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3941"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019789","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26260","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26260"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3941","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45942"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014828","reference_id":"1014828","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014828"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3941","reference_id":"CVE-2021-3941","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3941"},{"reference_url":"https://security.gentoo.org/glsa/202210-31","reference_id":"GLSA-202210-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-31"},{"reference_url":"https://usn.ubuntu.com/5150-1/","reference_id":"USN-5150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5150-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5620-1/","reference_id":"USN-USN-5620-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5620-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2021-3941"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ztd-m43n-7fas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52504?format=json","vulnerability_id":"VCID-5b1h-ubrs-5udw","summary":"Out-of-bounds Write\nThere is a `std::vector` out-of-bounds read and write, as demonstrated by `ImfTileOffsets.cpp`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11763.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11763.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11763","reference_id":"","reference_type":"","scores":[{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.59285","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.59295","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.59286","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.59267","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.69208","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.69169","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1828995","reference_id":"1828995","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1828995"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444","reference_id":"959444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11763","reference_id":"CVE-2020-11763","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11763"},{"reference_url":"https://security.gentoo.org/glsa/202107-27","reference_id":"GLSA-202107-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4039","reference_id":"RHSA-2020:4039","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4039"},{"reference_url":"https://usn.ubuntu.com/4339-1/","reference_id":"USN-4339-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4339-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516095?format=json","purl":"pkg:deb/debian/openexr@2.2.1-4.1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16pc-89jd-jyck"},{"vulnerability":"VCID-18jc-a8t8-jqgh"},{"vulnerability":"VCID-1v21-5hnx-jbhq"},{"vulnerability":"VCID-29pv-pzhu-zfbj"},{"vulnerability":"VCID-2mjs-t6hr-6kck"},{"vulnerability":"VCID-2vkx-6ytf-8kcd"},{"vulnerability":"VCID-3qpb-771k-e3fv"},{"vulnerability":"VCID-4ztd-m43n-7fas"},{"vulnerability":"VCID-5b1h-ubrs-5udw"},{"vulnerability":"VCID-5h3s-6g7x-y7ev"},{"vulnerability":"VCID-5mtn-211g-fffn"},{"vulnerability":"VCID-619d-rwc5-3ya3"},{"vulnerability":"VCID-6nd2-9m93-eydr"},{"vulnerability":"VCID-6zbn-va8u-nuew"},{"vulnerability":"VCID-71da-vybz-2kat"},{"vulnerability":"VCID-7wum-rugz-73au"},{"vulnerability":"VCID-9225-wpup-z3h6"},{"vulnerability":"VCID-9uvs-zg72-ruc1"},{"vulnerability":"VCID-9xsw-9z5g-b3b3"},{"vulnerability":"VCID-9z23-8k84-2bhs"},{"vulnerability":"VCID-a29p-2rbu-4fhh"},{"vulnerability":"VCID-a8hu-6zs3-sqd4"},{"vulnerability":"VCID-b3xm-gpxa-xfg9"},{"vulnerability":"VCID-bg5x-yv9h-1qfx"},{"vulnerability":"VCID-ca71-4ww1-nucu"},{"vulnerability":"VCID-d5ef-ymg6-n7fn"},{"vulnerability":"VCID-dstp-agrp-myhf"},{"vulnerability":"VCID-duvm-83qg-hbh7"},{"vulnerability":"VCID-f2fg-5zjx-z7dv"},{"vulnerability":"VCID-ff42-1sjm-d7dm"},{"vulnerability":"VCID-fr2z-73k7-mbca"},{"vulnerability":"VCID-k934-d8qy-4ucj"},{"vulnerability":"VCID-ndm8-v4v1-d7h9"},{"vulnerability":"VCID-q429-192m-e3dt"},{"vulnerability":"VCID-r6n7-wyje-1qac"},{"vulnerability":"VCID-sjx2-83vv-mqgu"},{"vulnerability":"VCID-tuzb-thjx-sbdy"},{"vulnerability":"VCID-vpqa-bk75-b3gz"},{"vulnerability":"VCID-vscr-wzh4-n3dz"},{"vulnerability":"VCID-wqnd-x1rf-a7dv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.2.1-4.1%252Bdeb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2020-11763"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5b1h-ubrs-5udw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7265?format=json","vulnerability_id":"VCID-5h3s-6g7x-y7ev","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3598.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3598.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3598","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35312","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35362","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35384","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35343","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35409","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35419","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3598"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970987","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970987"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26260","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26260"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3941","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45942"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990450","reference_id":"990450","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990450"},{"reference_url":"https://security.archlinux.org/ASA-202107-14","reference_id":"ASA-202107-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-14"},{"reference_url":"https://security.archlinux.org/AVG-2071","reference_id":"AVG-2071","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2071"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3598","reference_id":"CVE-2021-3598","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3598"},{"reference_url":"https://security.gentoo.org/glsa/202210-31","reference_id":"GLSA-202210-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-31"},{"reference_url":"https://usn.ubuntu.com/4996-1/","reference_id":"USN-4996-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4996-1/"},{"reference_url":"https://usn.ubuntu.com/4996-2/","reference_id":"USN-4996-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4996-2/"},{"reference_url":"https://usn.ubuntu.com/USN-5620-1/","reference_id":"USN-USN-5620-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5620-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2021-3598"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5h3s-6g7x-y7ev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54584?format=json","vulnerability_id":"VCID-5mtn-211g-fffn","summary":"Integer Underflow (Wrap or Wraparound)\nAn integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26260.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26260.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26260","reference_id":"","reference_type":"","scores":[{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.6852","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68561","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68568","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68562","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68546","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68564","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26260"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1947582","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1947582"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26260","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26260"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3941","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45942"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992703","reference_id":"992703","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992703"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-26260","reference_id":"CVE-2021-26260","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-26260"},{"reference_url":"https://usn.ubuntu.com/4996-1/","reference_id":"USN-4996-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4996-1/"},{"reference_url":"https://usn.ubuntu.com/4996-2/","reference_id":"USN-4996-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4996-2/"},{"reference_url":"https://usn.ubuntu.com/USN-5620-1/","reference_id":"USN-USN-5620-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5620-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2021-26260"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5mtn-211g-fffn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54296?format=json","vulnerability_id":"VCID-619d-rwc5-3ya3","summary":"Uncontrolled Resource Consumption\nThere's a flaw in OpenEXR's Scanline API functionality . An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3479.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3479.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3479","reference_id":"","reference_type":"","scores":[{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.6757","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67606","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67608","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67591","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67611","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67618","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3479"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939149","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939149"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3479"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986796","reference_id":"986796","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986796"},{"reference_url":"https://security.archlinux.org/AVG-1746","reference_id":"AVG-1746","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1746"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3479","reference_id":"CVE-2021-3479","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3479"},{"reference_url":"https://security.gentoo.org/glsa/202107-27","reference_id":"GLSA-202107-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-27"},{"reference_url":"https://usn.ubuntu.com/4900-1/","reference_id":"USN-4900-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4900-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2021-3479"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-619d-rwc5-3ya3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52509?format=json","vulnerability_id":"VCID-6nd2-9m93-eydr","summary":"Out-of-bounds Write\nAn issue was discovered in OpenEXR. There is an out-of-bounds read and write in `DwaCompressor::uncompress` in `ImfDwaCompressor.cpp` when handling the `UNKNOWN` compression case.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11762.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11762.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11762","reference_id":"","reference_type":"","scores":[{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.59241","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.59291","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.59295","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.59286","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.59267","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.59285","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1828999","reference_id":"1828999","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1828999"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444","reference_id":"959444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11762","reference_id":"CVE-2020-11762","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11762"},{"reference_url":"https://security.gentoo.org/glsa/202107-27","reference_id":"GLSA-202107-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-27"},{"reference_url":"https://usn.ubuntu.com/4339-1/","reference_id":"USN-4339-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4339-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516095?format=json","purl":"pkg:deb/debian/openexr@2.2.1-4.1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16pc-89jd-jyck"},{"vulnerability":"VCID-18jc-a8t8-jqgh"},{"vulnerability":"VCID-1v21-5hnx-jbhq"},{"vulnerability":"VCID-29pv-pzhu-zfbj"},{"vulnerability":"VCID-2mjs-t6hr-6kck"},{"vulnerability":"VCID-2vkx-6ytf-8kcd"},{"vulnerability":"VCID-3qpb-771k-e3fv"},{"vulnerability":"VCID-4ztd-m43n-7fas"},{"vulnerability":"VCID-5b1h-ubrs-5udw"},{"vulnerability":"VCID-5h3s-6g7x-y7ev"},{"vulnerability":"VCID-5mtn-211g-fffn"},{"vulnerability":"VCID-619d-rwc5-3ya3"},{"vulnerability":"VCID-6nd2-9m93-eydr"},{"vulnerability":"VCID-6zbn-va8u-nuew"},{"vulnerability":"VCID-71da-vybz-2kat"},{"vulnerability":"VCID-7wum-rugz-73au"},{"vulnerability":"VCID-9225-wpup-z3h6"},{"vulnerability":"VCID-9uvs-zg72-ruc1"},{"vulnerability":"VCID-9xsw-9z5g-b3b3"},{"vulnerability":"VCID-9z23-8k84-2bhs"},{"vulnerability":"VCID-a29p-2rbu-4fhh"},{"vulnerability":"VCID-a8hu-6zs3-sqd4"},{"vulnerability":"VCID-b3xm-gpxa-xfg9"},{"vulnerability":"VCID-bg5x-yv9h-1qfx"},{"vulnerability":"VCID-ca71-4ww1-nucu"},{"vulnerability":"VCID-d5ef-ymg6-n7fn"},{"vulnerability":"VCID-dstp-agrp-myhf"},{"vulnerability":"VCID-duvm-83qg-hbh7"},{"vulnerability":"VCID-f2fg-5zjx-z7dv"},{"vulnerability":"VCID-ff42-1sjm-d7dm"},{"vulnerability":"VCID-fr2z-73k7-mbca"},{"vulnerability":"VCID-k934-d8qy-4ucj"},{"vulnerability":"VCID-ndm8-v4v1-d7h9"},{"vulnerability":"VCID-q429-192m-e3dt"},{"vulnerability":"VCID-r6n7-wyje-1qac"},{"vulnerability":"VCID-sjx2-83vv-mqgu"},{"vulnerability":"VCID-tuzb-thjx-sbdy"},{"vulnerability":"VCID-vpqa-bk75-b3gz"},{"vulnerability":"VCID-vscr-wzh4-n3dz"},{"vulnerability":"VCID-wqnd-x1rf-a7dv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.2.1-4.1%252Bdeb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2020-11762"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6nd2-9m93-eydr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53869?format=json","vulnerability_id":"VCID-6zbn-va8u-nuew","summary":"Out-of-bounds Write\nA heap-based buffer overflow vulnerability exists in OpenEXR in `chunkOffsetReconstruction` of `ImfMultiPartInputFile.cpp` that can cause a denial of service via a crafted EXR file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-16587.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-16587.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-16587","reference_id":"","reference_type":"","scores":[{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.68182","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.68221","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.68223","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.68229","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.68206","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-16587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16587"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1929320","reference_id":"1929320","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1929320"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-16587","reference_id":"CVE-2020-16587","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-16587"},{"reference_url":"https://usn.ubuntu.com/4676-1/","reference_id":"USN-4676-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4676-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2020-16587"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6zbn-va8u-nuew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42714?format=json","vulnerability_id":"VCID-71da-vybz-2kat","summary":"NULL Pointer Dereference\nA flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20299.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20299.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20299","reference_id":"","reference_type":"","scores":[{"value":"0.01029","scoring_system":"epss","scoring_elements":"0.77655","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01029","scoring_system":"epss","scoring_elements":"0.77682","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01029","scoring_system":"epss","scoring_elements":"0.7769","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01029","scoring_system":"epss","scoring_elements":"0.7768","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01029","scoring_system":"epss","scoring_elements":"0.77669","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01029","scoring_system":"epss","scoring_elements":"0.77688","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20299"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25740","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25740"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939154","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20299"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/AcademySoftwareFoundation/openexr/commit/25e9515b06a6bc293d871622b8cafaee7af84e0f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/AcademySoftwareFoundation/openexr/commit/25e9515b06a6bc293d871622b8cafaee7af84e0f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20299","reference_id":"CVE-2021-20299","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20299"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2021-20299"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-71da-vybz-2kat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54287?format=json","vulnerability_id":"VCID-7wum-rugz-73au","summary":"Integer Overflow or Wraparound\nA flaw was found in OpenEXR's `B44` uncompression functionality. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3476.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3476.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3476","reference_id":"","reference_type":"","scores":[{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77452","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.7749","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77489","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77468","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77479","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3476"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24787","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24787"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939145","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3476","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3476"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986796","reference_id":"986796","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986796"},{"reference_url":"https://security.archlinux.org/AVG-1746","reference_id":"AVG-1746","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1746"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3476","reference_id":"CVE-2021-3476","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3476"},{"reference_url":"https://security.gentoo.org/glsa/202107-27","reference_id":"GLSA-202107-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-27"},{"reference_url":"https://usn.ubuntu.com/4900-1/","reference_id":"USN-4900-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4900-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2021-3476"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7wum-rugz-73au"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41943?format=json","vulnerability_id":"VCID-9225-wpup-z3h6","summary":"Out-of-bounds Write\nOpenEXR has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45942.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45942.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45942","reference_id":"","reference_type":"","scores":[{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64148","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64193","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64201","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.6419","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64177","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64197","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45942"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26260","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26260"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3941","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45942"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/AcademySoftwareFoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/AcademySoftwareFoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e"},{"reference_url":"https://github.com/AcademySoftwareFoundation/openexr/commit/db217f29dfb24f6b4b5100c24ac5e7490e1c57d0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/AcademySoftwareFoundation/openexr/commit/db217f29dfb24f6b4b5100c24ac5e7490e1c57d0"},{"reference_url":"https://github.com/AcademySoftwareFoundation/openexr/pull/1209","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/AcademySoftwareFoundation/openexr/pull/1209"},{"reference_url":"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openexr/OSV-2021-1627.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openexr/OSV-2021-1627.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014828","reference_id":"1014828","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014828"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2047745","reference_id":"2047745","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2047745"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45942","reference_id":"CVE-2021-45942","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45942"},{"reference_url":"https://security.gentoo.org/glsa/202210-31","reference_id":"GLSA-202210-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-31"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2021-45942"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9225-wpup-z3h6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43715?format=json","vulnerability_id":"VCID-9uvs-zg72-ruc1","summary":"OpenEXR invalid write\nIn OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9111.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9111.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9111","reference_id":"","reference_type":"","scores":[{"value":"0.02402","scoring_system":"epss","scoring_elements":"0.85356","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02402","scoring_system":"epss","scoring_elements":"0.85378","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02402","scoring_system":"epss","scoring_elements":"0.85384","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02402","scoring_system":"epss","scoring_elements":"0.85379","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02402","scoring_system":"epss","scoring_elements":"0.85364","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306"},{"reference_url":"https://github.com/AcademySoftwareFoundation/openexr","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/AcademySoftwareFoundation/openexr"},{"reference_url":"https://github.com/openexr/openexr/issues/232","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openexr/openexr/issues/232"},{"reference_url":"https://github.com/openexr/openexr/pull/233","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openexr/openexr/pull/233"},{"reference_url":"https://github.com/openexr/openexr/releases/tag/v2.2.1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openexr/openexr/releases/tag/v2.2.1"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"},{"reference_url":"https://usn.ubuntu.com/4148-1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4148-1"},{"reference_url":"https://usn.ubuntu.com/4339-1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4339-1"},{"reference_url":"https://www.debian.org/security/2020/dsa-4755","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4755"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/05/12/5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2017/05/12/5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455528","reference_id":"1455528","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455528"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873885","reference_id":"873885","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873885"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9111","reference_id":"CVE-2017-9111","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9111"},{"reference_url":"https://github.com/advisories/GHSA-qxh9-r8xw-7v99","reference_id":"GHSA-qxh9-r8xw-7v99","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qxh9-r8xw-7v99"},{"reference_url":"https://usn.ubuntu.com/4148-1/","reference_id":"USN-4148-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4148-1/"},{"reference_url":"https://usn.ubuntu.com/4339-1/","reference_id":"USN-4339-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4339-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516095?format=json","purl":"pkg:deb/debian/openexr@2.2.1-4.1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16pc-89jd-jyck"},{"vulnerability":"VCID-18jc-a8t8-jqgh"},{"vulnerability":"VCID-1v21-5hnx-jbhq"},{"vulnerability":"VCID-29pv-pzhu-zfbj"},{"vulnerability":"VCID-2mjs-t6hr-6kck"},{"vulnerability":"VCID-2vkx-6ytf-8kcd"},{"vulnerability":"VCID-3qpb-771k-e3fv"},{"vulnerability":"VCID-4ztd-m43n-7fas"},{"vulnerability":"VCID-5b1h-ubrs-5udw"},{"vulnerability":"VCID-5h3s-6g7x-y7ev"},{"vulnerability":"VCID-5mtn-211g-fffn"},{"vulnerability":"VCID-619d-rwc5-3ya3"},{"vulnerability":"VCID-6nd2-9m93-eydr"},{"vulnerability":"VCID-6zbn-va8u-nuew"},{"vulnerability":"VCID-71da-vybz-2kat"},{"vulnerability":"VCID-7wum-rugz-73au"},{"vulnerability":"VCID-9225-wpup-z3h6"},{"vulnerability":"VCID-9uvs-zg72-ruc1"},{"vulnerability":"VCID-9xsw-9z5g-b3b3"},{"vulnerability":"VCID-9z23-8k84-2bhs"},{"vulnerability":"VCID-a29p-2rbu-4fhh"},{"vulnerability":"VCID-a8hu-6zs3-sqd4"},{"vulnerability":"VCID-b3xm-gpxa-xfg9"},{"vulnerability":"VCID-bg5x-yv9h-1qfx"},{"vulnerability":"VCID-ca71-4ww1-nucu"},{"vulnerability":"VCID-d5ef-ymg6-n7fn"},{"vulnerability":"VCID-dstp-agrp-myhf"},{"vulnerability":"VCID-duvm-83qg-hbh7"},{"vulnerability":"VCID-f2fg-5zjx-z7dv"},{"vulnerability":"VCID-ff42-1sjm-d7dm"},{"vulnerability":"VCID-fr2z-73k7-mbca"},{"vulnerability":"VCID-k934-d8qy-4ucj"},{"vulnerability":"VCID-ndm8-v4v1-d7h9"},{"vulnerability":"VCID-q429-192m-e3dt"},{"vulnerability":"VCID-r6n7-wyje-1qac"},{"vulnerability":"VCID-sjx2-83vv-mqgu"},{"vulnerability":"VCID-tuzb-thjx-sbdy"},{"vulnerability":"VCID-vpqa-bk75-b3gz"},{"vulnerability":"VCID-vscr-wzh4-n3dz"},{"vulnerability":"VCID-wqnd-x1rf-a7dv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.2.1-4.1%252Bdeb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2017-9111","GHSA-qxh9-r8xw-7v99"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9uvs-zg72-ruc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96258?format=json","vulnerability_id":"VCID-9xsw-9z5g-b3b3","summary":"In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9115.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9115.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9115","reference_id":"","reference_type":"","scores":[{"value":"0.02756","scoring_system":"epss","scoring_elements":"0.86282","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02756","scoring_system":"epss","scoring_elements":"0.86304","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02756","scoring_system":"epss","scoring_elements":"0.86306","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02756","scoring_system":"epss","scoring_elements":"0.86302","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02756","scoring_system":"epss","scoring_elements":"0.8629","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455537","reference_id":"1455537","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455537"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873885","reference_id":"873885","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873885"},{"reference_url":"https://usn.ubuntu.com/4148-1/","reference_id":"USN-4148-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4148-1/"},{"reference_url":"https://usn.ubuntu.com/4339-1/","reference_id":"USN-4339-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4339-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516095?format=json","purl":"pkg:deb/debian/openexr@2.2.1-4.1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16pc-89jd-jyck"},{"vulnerability":"VCID-18jc-a8t8-jqgh"},{"vulnerability":"VCID-1v21-5hnx-jbhq"},{"vulnerability":"VCID-29pv-pzhu-zfbj"},{"vulnerability":"VCID-2mjs-t6hr-6kck"},{"vulnerability":"VCID-2vkx-6ytf-8kcd"},{"vulnerability":"VCID-3qpb-771k-e3fv"},{"vulnerability":"VCID-4ztd-m43n-7fas"},{"vulnerability":"VCID-5b1h-ubrs-5udw"},{"vulnerability":"VCID-5h3s-6g7x-y7ev"},{"vulnerability":"VCID-5mtn-211g-fffn"},{"vulnerability":"VCID-619d-rwc5-3ya3"},{"vulnerability":"VCID-6nd2-9m93-eydr"},{"vulnerability":"VCID-6zbn-va8u-nuew"},{"vulnerability":"VCID-71da-vybz-2kat"},{"vulnerability":"VCID-7wum-rugz-73au"},{"vulnerability":"VCID-9225-wpup-z3h6"},{"vulnerability":"VCID-9uvs-zg72-ruc1"},{"vulnerability":"VCID-9xsw-9z5g-b3b3"},{"vulnerability":"VCID-9z23-8k84-2bhs"},{"vulnerability":"VCID-a29p-2rbu-4fhh"},{"vulnerability":"VCID-a8hu-6zs3-sqd4"},{"vulnerability":"VCID-b3xm-gpxa-xfg9"},{"vulnerability":"VCID-bg5x-yv9h-1qfx"},{"vulnerability":"VCID-ca71-4ww1-nucu"},{"vulnerability":"VCID-d5ef-ymg6-n7fn"},{"vulnerability":"VCID-dstp-agrp-myhf"},{"vulnerability":"VCID-duvm-83qg-hbh7"},{"vulnerability":"VCID-f2fg-5zjx-z7dv"},{"vulnerability":"VCID-ff42-1sjm-d7dm"},{"vulnerability":"VCID-fr2z-73k7-mbca"},{"vulnerability":"VCID-k934-d8qy-4ucj"},{"vulnerability":"VCID-ndm8-v4v1-d7h9"},{"vulnerability":"VCID-q429-192m-e3dt"},{"vulnerability":"VCID-r6n7-wyje-1qac"},{"vulnerability":"VCID-sjx2-83vv-mqgu"},{"vulnerability":"VCID-tuzb-thjx-sbdy"},{"vulnerability":"VCID-vpqa-bk75-b3gz"},{"vulnerability":"VCID-vscr-wzh4-n3dz"},{"vulnerability":"VCID-wqnd-x1rf-a7dv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.2.1-4.1%252Bdeb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2017-9115"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9xsw-9z5g-b3b3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52508?format=json","vulnerability_id":"VCID-9z23-8k84-2bhs","summary":"Integer Overflow or Wraparound\nBecause of integer overflows in `CompositeDeepScanLine::Data::handleDeepFrameBuffer` and `readSampleCountForLineBlock`, an attacker can write to an out-of-bounds pointer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11759.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11759.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11759","reference_id":"","reference_type":"","scores":[{"value":"0.00682","scoring_system":"epss","scoring_elements":"0.72015","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00682","scoring_system":"epss","scoring_elements":"0.72056","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00682","scoring_system":"epss","scoring_elements":"0.72063","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00682","scoring_system":"epss","scoring_elements":"0.7204","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00682","scoring_system":"epss","scoring_elements":"0.72026","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00682","scoring_system":"epss","scoring_elements":"0.72052","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1829010","reference_id":"1829010","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1829010"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444","reference_id":"959444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11759","reference_id":"CVE-2020-11759","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11759"},{"reference_url":"https://security.gentoo.org/glsa/202107-27","reference_id":"GLSA-202107-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-27"},{"reference_url":"https://usn.ubuntu.com/4339-1/","reference_id":"USN-4339-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4339-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516095?format=json","purl":"pkg:deb/debian/openexr@2.2.1-4.1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16pc-89jd-jyck"},{"vulnerability":"VCID-18jc-a8t8-jqgh"},{"vulnerability":"VCID-1v21-5hnx-jbhq"},{"vulnerability":"VCID-29pv-pzhu-zfbj"},{"vulnerability":"VCID-2mjs-t6hr-6kck"},{"vulnerability":"VCID-2vkx-6ytf-8kcd"},{"vulnerability":"VCID-3qpb-771k-e3fv"},{"vulnerability":"VCID-4ztd-m43n-7fas"},{"vulnerability":"VCID-5b1h-ubrs-5udw"},{"vulnerability":"VCID-5h3s-6g7x-y7ev"},{"vulnerability":"VCID-5mtn-211g-fffn"},{"vulnerability":"VCID-619d-rwc5-3ya3"},{"vulnerability":"VCID-6nd2-9m93-eydr"},{"vulnerability":"VCID-6zbn-va8u-nuew"},{"vulnerability":"VCID-71da-vybz-2kat"},{"vulnerability":"VCID-7wum-rugz-73au"},{"vulnerability":"VCID-9225-wpup-z3h6"},{"vulnerability":"VCID-9uvs-zg72-ruc1"},{"vulnerability":"VCID-9xsw-9z5g-b3b3"},{"vulnerability":"VCID-9z23-8k84-2bhs"},{"vulnerability":"VCID-a29p-2rbu-4fhh"},{"vulnerability":"VCID-a8hu-6zs3-sqd4"},{"vulnerability":"VCID-b3xm-gpxa-xfg9"},{"vulnerability":"VCID-bg5x-yv9h-1qfx"},{"vulnerability":"VCID-ca71-4ww1-nucu"},{"vulnerability":"VCID-d5ef-ymg6-n7fn"},{"vulnerability":"VCID-dstp-agrp-myhf"},{"vulnerability":"VCID-duvm-83qg-hbh7"},{"vulnerability":"VCID-f2fg-5zjx-z7dv"},{"vulnerability":"VCID-ff42-1sjm-d7dm"},{"vulnerability":"VCID-fr2z-73k7-mbca"},{"vulnerability":"VCID-k934-d8qy-4ucj"},{"vulnerability":"VCID-ndm8-v4v1-d7h9"},{"vulnerability":"VCID-q429-192m-e3dt"},{"vulnerability":"VCID-r6n7-wyje-1qac"},{"vulnerability":"VCID-sjx2-83vv-mqgu"},{"vulnerability":"VCID-tuzb-thjx-sbdy"},{"vulnerability":"VCID-vpqa-bk75-b3gz"},{"vulnerability":"VCID-vscr-wzh4-n3dz"},{"vulnerability":"VCID-wqnd-x1rf-a7dv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.2.1-4.1%252Bdeb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2020-11759"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9z23-8k84-2bhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52741?format=json","vulnerability_id":"VCID-a29p-2rbu-4fhh","summary":"Use After Free\nInvalid input could cause a use-after-free in `DeepScanLineInputFile::DeepScanLineInputFile()` in `IlmImf/ImfDeepScanLineInputFile.cpp`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15305.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15305.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15305","reference_id":"","reference_type":"","scores":[{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31458","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31526","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31492","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31455","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31423","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31448","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852011","reference_id":"1852011","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852011"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15305","reference_id":"CVE-2020-15305","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15305"},{"reference_url":"https://security.gentoo.org/glsa/202107-27","reference_id":"GLSA-202107-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-27"},{"reference_url":"https://usn.ubuntu.com/4418-1/","reference_id":"USN-4418-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4418-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516095?format=json","purl":"pkg:deb/debian/openexr@2.2.1-4.1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16pc-89jd-jyck"},{"vulnerability":"VCID-18jc-a8t8-jqgh"},{"vulnerability":"VCID-1v21-5hnx-jbhq"},{"vulnerability":"VCID-29pv-pzhu-zfbj"},{"vulnerability":"VCID-2mjs-t6hr-6kck"},{"vulnerability":"VCID-2vkx-6ytf-8kcd"},{"vulnerability":"VCID-3qpb-771k-e3fv"},{"vulnerability":"VCID-4ztd-m43n-7fas"},{"vulnerability":"VCID-5b1h-ubrs-5udw"},{"vulnerability":"VCID-5h3s-6g7x-y7ev"},{"vulnerability":"VCID-5mtn-211g-fffn"},{"vulnerability":"VCID-619d-rwc5-3ya3"},{"vulnerability":"VCID-6nd2-9m93-eydr"},{"vulnerability":"VCID-6zbn-va8u-nuew"},{"vulnerability":"VCID-71da-vybz-2kat"},{"vulnerability":"VCID-7wum-rugz-73au"},{"vulnerability":"VCID-9225-wpup-z3h6"},{"vulnerability":"VCID-9uvs-zg72-ruc1"},{"vulnerability":"VCID-9xsw-9z5g-b3b3"},{"vulnerability":"VCID-9z23-8k84-2bhs"},{"vulnerability":"VCID-a29p-2rbu-4fhh"},{"vulnerability":"VCID-a8hu-6zs3-sqd4"},{"vulnerability":"VCID-b3xm-gpxa-xfg9"},{"vulnerability":"VCID-bg5x-yv9h-1qfx"},{"vulnerability":"VCID-ca71-4ww1-nucu"},{"vulnerability":"VCID-d5ef-ymg6-n7fn"},{"vulnerability":"VCID-dstp-agrp-myhf"},{"vulnerability":"VCID-duvm-83qg-hbh7"},{"vulnerability":"VCID-f2fg-5zjx-z7dv"},{"vulnerability":"VCID-ff42-1sjm-d7dm"},{"vulnerability":"VCID-fr2z-73k7-mbca"},{"vulnerability":"VCID-k934-d8qy-4ucj"},{"vulnerability":"VCID-ndm8-v4v1-d7h9"},{"vulnerability":"VCID-q429-192m-e3dt"},{"vulnerability":"VCID-r6n7-wyje-1qac"},{"vulnerability":"VCID-sjx2-83vv-mqgu"},{"vulnerability":"VCID-tuzb-thjx-sbdy"},{"vulnerability":"VCID-vpqa-bk75-b3gz"},{"vulnerability":"VCID-vscr-wzh4-n3dz"},{"vulnerability":"VCID-wqnd-x1rf-a7dv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.2.1-4.1%252Bdeb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2020-15305"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a29p-2rbu-4fhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53866?format=json","vulnerability_id":"VCID-a8hu-6zs3-sqd4","summary":"Out-of-bounds Write\nA head-based buffer overflow exists in OpenEXR in `writeTileData` in `ImfTiledOutputFile.cpp` can cause a denial of service via a crafted EXR file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-16589.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-16589.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-16589","reference_id":"","reference_type":"","scores":[{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.68182","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.68221","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.68229","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.68206","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.68223","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-16589"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16589","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16589"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1929323","reference_id":"1929323","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1929323"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-16589","reference_id":"CVE-2020-16589","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-16589"},{"reference_url":"https://usn.ubuntu.com/4676-1/","reference_id":"USN-4676-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4676-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2020-16589"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a8hu-6zs3-sqd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54581?format=json","vulnerability_id":"VCID-b3xm-gpxa-xfg9","summary":"Out-of-bounds Write\nA heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23169.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23169.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23169","reference_id":"","reference_type":"","scores":[{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.69003","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.6905","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.69046","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.6903","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.69042","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.69052","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23169"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1947612","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1947612"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23169"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988240","reference_id":"988240","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988240"},{"reference_url":"https://security.archlinux.org/AVG-1862","reference_id":"AVG-1862","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1862"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23169","reference_id":"CVE-2021-23169","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23169"},{"reference_url":"https://security.gentoo.org/glsa/202210-31","reference_id":"GLSA-202210-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-31"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2021-23169"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b3xm-gpxa-xfg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52502?format=json","vulnerability_id":"VCID-bg5x-yv9h-1qfx","summary":"Out-of-bounds Write\nThere is an out-of-bounds write in `copyIntoFrameBuffer` in `ImfMisc.cpp`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11764.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11764.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11764","reference_id":"","reference_type":"","scores":[{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66537","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66577","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66585","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.6657","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66556","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66573","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1828990","reference_id":"1828990","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1828990"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444","reference_id":"959444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11764","reference_id":"CVE-2020-11764","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11764"},{"reference_url":"https://security.gentoo.org/glsa/202107-27","reference_id":"GLSA-202107-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4039","reference_id":"RHSA-2020:4039","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4039"},{"reference_url":"https://usn.ubuntu.com/4339-1/","reference_id":"USN-4339-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4339-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516095?format=json","purl":"pkg:deb/debian/openexr@2.2.1-4.1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16pc-89jd-jyck"},{"vulnerability":"VCID-18jc-a8t8-jqgh"},{"vulnerability":"VCID-1v21-5hnx-jbhq"},{"vulnerability":"VCID-29pv-pzhu-zfbj"},{"vulnerability":"VCID-2mjs-t6hr-6kck"},{"vulnerability":"VCID-2vkx-6ytf-8kcd"},{"vulnerability":"VCID-3qpb-771k-e3fv"},{"vulnerability":"VCID-4ztd-m43n-7fas"},{"vulnerability":"VCID-5b1h-ubrs-5udw"},{"vulnerability":"VCID-5h3s-6g7x-y7ev"},{"vulnerability":"VCID-5mtn-211g-fffn"},{"vulnerability":"VCID-619d-rwc5-3ya3"},{"vulnerability":"VCID-6nd2-9m93-eydr"},{"vulnerability":"VCID-6zbn-va8u-nuew"},{"vulnerability":"VCID-71da-vybz-2kat"},{"vulnerability":"VCID-7wum-rugz-73au"},{"vulnerability":"VCID-9225-wpup-z3h6"},{"vulnerability":"VCID-9uvs-zg72-ruc1"},{"vulnerability":"VCID-9xsw-9z5g-b3b3"},{"vulnerability":"VCID-9z23-8k84-2bhs"},{"vulnerability":"VCID-a29p-2rbu-4fhh"},{"vulnerability":"VCID-a8hu-6zs3-sqd4"},{"vulnerability":"VCID-b3xm-gpxa-xfg9"},{"vulnerability":"VCID-bg5x-yv9h-1qfx"},{"vulnerability":"VCID-ca71-4ww1-nucu"},{"vulnerability":"VCID-d5ef-ymg6-n7fn"},{"vulnerability":"VCID-dstp-agrp-myhf"},{"vulnerability":"VCID-duvm-83qg-hbh7"},{"vulnerability":"VCID-f2fg-5zjx-z7dv"},{"vulnerability":"VCID-ff42-1sjm-d7dm"},{"vulnerability":"VCID-fr2z-73k7-mbca"},{"vulnerability":"VCID-k934-d8qy-4ucj"},{"vulnerability":"VCID-ndm8-v4v1-d7h9"},{"vulnerability":"VCID-q429-192m-e3dt"},{"vulnerability":"VCID-r6n7-wyje-1qac"},{"vulnerability":"VCID-sjx2-83vv-mqgu"},{"vulnerability":"VCID-tuzb-thjx-sbdy"},{"vulnerability":"VCID-vpqa-bk75-b3gz"},{"vulnerability":"VCID-vscr-wzh4-n3dz"},{"vulnerability":"VCID-wqnd-x1rf-a7dv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.2.1-4.1%252Bdeb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2020-11764"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bg5x-yv9h-1qfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43599?format=json","vulnerability_id":"VCID-bpzu-jyex-3ygm","summary":"OpenEXR invalid read\nIn OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9112.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9112.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9112","reference_id":"","reference_type":"","scores":[{"value":"0.00794","scoring_system":"epss","scoring_elements":"0.74343","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00794","scoring_system":"epss","scoring_elements":"0.74316","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00794","scoring_system":"epss","scoring_elements":"0.74334","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00794","scoring_system":"epss","scoring_elements":"0.74347","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00794","scoring_system":"epss","scoring_elements":"0.74342","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00794","scoring_system":"epss","scoring_elements":"0.74309","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9112"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9112","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9112"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/AcademySoftwareFoundation/openexr","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/AcademySoftwareFoundation/openexr"},{"reference_url":"https://github.com/openexr/openexr/issues/232","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openexr/openexr/issues/232"},{"reference_url":"https://github.com/openexr/openexr/pull/233","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openexr/openexr/pull/233"},{"reference_url":"https://github.com/openexr/openexr/releases/tag/v2.2.1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openexr/openexr/releases/tag/v2.2.1"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"},{"reference_url":"https://usn.ubuntu.com/4148-1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4148-1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/05/12/5","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2017/05/12/5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455530","reference_id":"1455530","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455530"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864078","reference_id":"864078","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864078"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9112","reference_id":"CVE-2017-9112","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9112"},{"reference_url":"https://github.com/advisories/GHSA-8m57-j273-2qg9","reference_id":"GHSA-8m57-j273-2qg9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8m57-j273-2qg9"},{"reference_url":"https://usn.ubuntu.com/4148-1/","reference_id":"USN-4148-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4148-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516095?format=json","purl":"pkg:deb/debian/openexr@2.2.1-4.1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16pc-89jd-jyck"},{"vulnerability":"VCID-18jc-a8t8-jqgh"},{"vulnerability":"VCID-1v21-5hnx-jbhq"},{"vulnerability":"VCID-29pv-pzhu-zfbj"},{"vulnerability":"VCID-2mjs-t6hr-6kck"},{"vulnerability":"VCID-2vkx-6ytf-8kcd"},{"vulnerability":"VCID-3qpb-771k-e3fv"},{"vulnerability":"VCID-4ztd-m43n-7fas"},{"vulnerability":"VCID-5b1h-ubrs-5udw"},{"vulnerability":"VCID-5h3s-6g7x-y7ev"},{"vulnerability":"VCID-5mtn-211g-fffn"},{"vulnerability":"VCID-619d-rwc5-3ya3"},{"vulnerability":"VCID-6nd2-9m93-eydr"},{"vulnerability":"VCID-6zbn-va8u-nuew"},{"vulnerability":"VCID-71da-vybz-2kat"},{"vulnerability":"VCID-7wum-rugz-73au"},{"vulnerability":"VCID-9225-wpup-z3h6"},{"vulnerability":"VCID-9uvs-zg72-ruc1"},{"vulnerability":"VCID-9xsw-9z5g-b3b3"},{"vulnerability":"VCID-9z23-8k84-2bhs"},{"vulnerability":"VCID-a29p-2rbu-4fhh"},{"vulnerability":"VCID-a8hu-6zs3-sqd4"},{"vulnerability":"VCID-b3xm-gpxa-xfg9"},{"vulnerability":"VCID-bg5x-yv9h-1qfx"},{"vulnerability":"VCID-ca71-4ww1-nucu"},{"vulnerability":"VCID-d5ef-ymg6-n7fn"},{"vulnerability":"VCID-dstp-agrp-myhf"},{"vulnerability":"VCID-duvm-83qg-hbh7"},{"vulnerability":"VCID-f2fg-5zjx-z7dv"},{"vulnerability":"VCID-ff42-1sjm-d7dm"},{"vulnerability":"VCID-fr2z-73k7-mbca"},{"vulnerability":"VCID-k934-d8qy-4ucj"},{"vulnerability":"VCID-ndm8-v4v1-d7h9"},{"vulnerability":"VCID-q429-192m-e3dt"},{"vulnerability":"VCID-r6n7-wyje-1qac"},{"vulnerability":"VCID-sjx2-83vv-mqgu"},{"vulnerability":"VCID-tuzb-thjx-sbdy"},{"vulnerability":"VCID-vpqa-bk75-b3gz"},{"vulnerability":"VCID-vscr-wzh4-n3dz"},{"vulnerability":"VCID-wqnd-x1rf-a7dv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.2.1-4.1%252Bdeb10u1"}],"aliases":["CVE-2017-9112","GHSA-8m57-j273-2qg9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bpzu-jyex-3ygm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96261?format=json","vulnerability_id":"VCID-ca71-4ww1-nucu","summary":"makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18444.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18444.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18444","reference_id":"","reference_type":"","scores":[{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76363","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76391","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76393","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76384","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76372","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76395","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1643094","reference_id":"1643094","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1643094"},{"reference_url":"https://usn.ubuntu.com/4148-1/","reference_id":"USN-4148-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4148-1/"},{"reference_url":"https://usn.ubuntu.com/4339-1/","reference_id":"USN-4339-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4339-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516095?format=json","purl":"pkg:deb/debian/openexr@2.2.1-4.1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16pc-89jd-jyck"},{"vulnerability":"VCID-18jc-a8t8-jqgh"},{"vulnerability":"VCID-1v21-5hnx-jbhq"},{"vulnerability":"VCID-29pv-pzhu-zfbj"},{"vulnerability":"VCID-2mjs-t6hr-6kck"},{"vulnerability":"VCID-2vkx-6ytf-8kcd"},{"vulnerability":"VCID-3qpb-771k-e3fv"},{"vulnerability":"VCID-4ztd-m43n-7fas"},{"vulnerability":"VCID-5b1h-ubrs-5udw"},{"vulnerability":"VCID-5h3s-6g7x-y7ev"},{"vulnerability":"VCID-5mtn-211g-fffn"},{"vulnerability":"VCID-619d-rwc5-3ya3"},{"vulnerability":"VCID-6nd2-9m93-eydr"},{"vulnerability":"VCID-6zbn-va8u-nuew"},{"vulnerability":"VCID-71da-vybz-2kat"},{"vulnerability":"VCID-7wum-rugz-73au"},{"vulnerability":"VCID-9225-wpup-z3h6"},{"vulnerability":"VCID-9uvs-zg72-ruc1"},{"vulnerability":"VCID-9xsw-9z5g-b3b3"},{"vulnerability":"VCID-9z23-8k84-2bhs"},{"vulnerability":"VCID-a29p-2rbu-4fhh"},{"vulnerability":"VCID-a8hu-6zs3-sqd4"},{"vulnerability":"VCID-b3xm-gpxa-xfg9"},{"vulnerability":"VCID-bg5x-yv9h-1qfx"},{"vulnerability":"VCID-ca71-4ww1-nucu"},{"vulnerability":"VCID-d5ef-ymg6-n7fn"},{"vulnerability":"VCID-dstp-agrp-myhf"},{"vulnerability":"VCID-duvm-83qg-hbh7"},{"vulnerability":"VCID-f2fg-5zjx-z7dv"},{"vulnerability":"VCID-ff42-1sjm-d7dm"},{"vulnerability":"VCID-fr2z-73k7-mbca"},{"vulnerability":"VCID-k934-d8qy-4ucj"},{"vulnerability":"VCID-ndm8-v4v1-d7h9"},{"vulnerability":"VCID-q429-192m-e3dt"},{"vulnerability":"VCID-r6n7-wyje-1qac"},{"vulnerability":"VCID-sjx2-83vv-mqgu"},{"vulnerability":"VCID-tuzb-thjx-sbdy"},{"vulnerability":"VCID-vpqa-bk75-b3gz"},{"vulnerability":"VCID-vscr-wzh4-n3dz"},{"vulnerability":"VCID-wqnd-x1rf-a7dv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.2.1-4.1%252Bdeb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2018-18444"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ca71-4ww1-nucu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54283?format=json","vulnerability_id":"VCID-d5ef-ymg6-n7fn","summary":"Integer Overflow or Wraparound\nA crafted input file that is processed by OpenEXR could cause a shift overflow in the `FastHufDecoder`, potentially leading to problems with application availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3474.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3474.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3474","reference_id":"","reference_type":"","scores":[{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77452","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.7749","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77489","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77468","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77479","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3474"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939142","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3474"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986796","reference_id":"986796","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986796"},{"reference_url":"https://security.archlinux.org/AVG-1746","reference_id":"AVG-1746","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1746"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3474","reference_id":"CVE-2021-3474","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3474"},{"reference_url":"https://security.gentoo.org/glsa/202107-27","reference_id":"GLSA-202107-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-27"},{"reference_url":"https://usn.ubuntu.com/4900-1/","reference_id":"USN-4900-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4900-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2021-3474"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d5ef-ymg6-n7fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52511?format=json","vulnerability_id":"VCID-dstp-agrp-myhf","summary":"Out-of-bounds Read\nThere is an out-of-bounds read in `ImfOptimizedPixelReading.h`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11758.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11758.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11758","reference_id":"","reference_type":"","scores":[{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.69169","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.69208","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.69213","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.69217","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.69193","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1829014","reference_id":"1829014","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1829014"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444","reference_id":"959444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11758","reference_id":"CVE-2020-11758","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11758"},{"reference_url":"https://security.gentoo.org/glsa/202107-27","reference_id":"GLSA-202107-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-27"},{"reference_url":"https://usn.ubuntu.com/4339-1/","reference_id":"USN-4339-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4339-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516095?format=json","purl":"pkg:deb/debian/openexr@2.2.1-4.1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16pc-89jd-jyck"},{"vulnerability":"VCID-18jc-a8t8-jqgh"},{"vulnerability":"VCID-1v21-5hnx-jbhq"},{"vulnerability":"VCID-29pv-pzhu-zfbj"},{"vulnerability":"VCID-2mjs-t6hr-6kck"},{"vulnerability":"VCID-2vkx-6ytf-8kcd"},{"vulnerability":"VCID-3qpb-771k-e3fv"},{"vulnerability":"VCID-4ztd-m43n-7fas"},{"vulnerability":"VCID-5b1h-ubrs-5udw"},{"vulnerability":"VCID-5h3s-6g7x-y7ev"},{"vulnerability":"VCID-5mtn-211g-fffn"},{"vulnerability":"VCID-619d-rwc5-3ya3"},{"vulnerability":"VCID-6nd2-9m93-eydr"},{"vulnerability":"VCID-6zbn-va8u-nuew"},{"vulnerability":"VCID-71da-vybz-2kat"},{"vulnerability":"VCID-7wum-rugz-73au"},{"vulnerability":"VCID-9225-wpup-z3h6"},{"vulnerability":"VCID-9uvs-zg72-ruc1"},{"vulnerability":"VCID-9xsw-9z5g-b3b3"},{"vulnerability":"VCID-9z23-8k84-2bhs"},{"vulnerability":"VCID-a29p-2rbu-4fhh"},{"vulnerability":"VCID-a8hu-6zs3-sqd4"},{"vulnerability":"VCID-b3xm-gpxa-xfg9"},{"vulnerability":"VCID-bg5x-yv9h-1qfx"},{"vulnerability":"VCID-ca71-4ww1-nucu"},{"vulnerability":"VCID-d5ef-ymg6-n7fn"},{"vulnerability":"VCID-dstp-agrp-myhf"},{"vulnerability":"VCID-duvm-83qg-hbh7"},{"vulnerability":"VCID-f2fg-5zjx-z7dv"},{"vulnerability":"VCID-ff42-1sjm-d7dm"},{"vulnerability":"VCID-fr2z-73k7-mbca"},{"vulnerability":"VCID-k934-d8qy-4ucj"},{"vulnerability":"VCID-ndm8-v4v1-d7h9"},{"vulnerability":"VCID-q429-192m-e3dt"},{"vulnerability":"VCID-r6n7-wyje-1qac"},{"vulnerability":"VCID-sjx2-83vv-mqgu"},{"vulnerability":"VCID-tuzb-thjx-sbdy"},{"vulnerability":"VCID-vpqa-bk75-b3gz"},{"vulnerability":"VCID-vscr-wzh4-n3dz"},{"vulnerability":"VCID-wqnd-x1rf-a7dv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.2.1-4.1%252Bdeb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2020-11758"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dstp-agrp-myhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96255?format=json","vulnerability_id":"VCID-dun1-9d71-3ydd","summary":"In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9110.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9110.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9110","reference_id":"","reference_type":"","scores":[{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.6429","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64341","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64332","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64321","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64335","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64343","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9110"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9110","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9110"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455526","reference_id":"1455526","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455526"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864078","reference_id":"864078","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864078"},{"reference_url":"https://usn.ubuntu.com/4148-1/","reference_id":"USN-4148-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4148-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516095?format=json","purl":"pkg:deb/debian/openexr@2.2.1-4.1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16pc-89jd-jyck"},{"vulnerability":"VCID-18jc-a8t8-jqgh"},{"vulnerability":"VCID-1v21-5hnx-jbhq"},{"vulnerability":"VCID-29pv-pzhu-zfbj"},{"vulnerability":"VCID-2mjs-t6hr-6kck"},{"vulnerability":"VCID-2vkx-6ytf-8kcd"},{"vulnerability":"VCID-3qpb-771k-e3fv"},{"vulnerability":"VCID-4ztd-m43n-7fas"},{"vulnerability":"VCID-5b1h-ubrs-5udw"},{"vulnerability":"VCID-5h3s-6g7x-y7ev"},{"vulnerability":"VCID-5mtn-211g-fffn"},{"vulnerability":"VCID-619d-rwc5-3ya3"},{"vulnerability":"VCID-6nd2-9m93-eydr"},{"vulnerability":"VCID-6zbn-va8u-nuew"},{"vulnerability":"VCID-71da-vybz-2kat"},{"vulnerability":"VCID-7wum-rugz-73au"},{"vulnerability":"VCID-9225-wpup-z3h6"},{"vulnerability":"VCID-9uvs-zg72-ruc1"},{"vulnerability":"VCID-9xsw-9z5g-b3b3"},{"vulnerability":"VCID-9z23-8k84-2bhs"},{"vulnerability":"VCID-a29p-2rbu-4fhh"},{"vulnerability":"VCID-a8hu-6zs3-sqd4"},{"vulnerability":"VCID-b3xm-gpxa-xfg9"},{"vulnerability":"VCID-bg5x-yv9h-1qfx"},{"vulnerability":"VCID-ca71-4ww1-nucu"},{"vulnerability":"VCID-d5ef-ymg6-n7fn"},{"vulnerability":"VCID-dstp-agrp-myhf"},{"vulnerability":"VCID-duvm-83qg-hbh7"},{"vulnerability":"VCID-f2fg-5zjx-z7dv"},{"vulnerability":"VCID-ff42-1sjm-d7dm"},{"vulnerability":"VCID-fr2z-73k7-mbca"},{"vulnerability":"VCID-k934-d8qy-4ucj"},{"vulnerability":"VCID-ndm8-v4v1-d7h9"},{"vulnerability":"VCID-q429-192m-e3dt"},{"vulnerability":"VCID-r6n7-wyje-1qac"},{"vulnerability":"VCID-sjx2-83vv-mqgu"},{"vulnerability":"VCID-tuzb-thjx-sbdy"},{"vulnerability":"VCID-vpqa-bk75-b3gz"},{"vulnerability":"VCID-vscr-wzh4-n3dz"},{"vulnerability":"VCID-wqnd-x1rf-a7dv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.2.1-4.1%252Bdeb10u1"}],"aliases":["CVE-2017-9110"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dun1-9d71-3ydd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52505?format=json","vulnerability_id":"VCID-duvm-83qg-hbh7","summary":"Out-of-bounds Read\nThere is an out-of-bounds read during RLE uncompression in `rleUncompress` in `ImfRle.cpp`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11760.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11760.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11760","reference_id":"","reference_type":"","scores":[{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.69169","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.69208","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.69213","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.69217","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.69193","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1829006","reference_id":"1829006","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1829006"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444","reference_id":"959444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959444"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11760","reference_id":"CVE-2020-11760","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11760"},{"reference_url":"https://security.gentoo.org/glsa/202107-27","reference_id":"GLSA-202107-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-27"},{"reference_url":"https://usn.ubuntu.com/4339-1/","reference_id":"USN-4339-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4339-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516095?format=json","purl":"pkg:deb/debian/openexr@2.2.1-4.1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16pc-89jd-jyck"},{"vulnerability":"VCID-18jc-a8t8-jqgh"},{"vulnerability":"VCID-1v21-5hnx-jbhq"},{"vulnerability":"VCID-29pv-pzhu-zfbj"},{"vulnerability":"VCID-2mjs-t6hr-6kck"},{"vulnerability":"VCID-2vkx-6ytf-8kcd"},{"vulnerability":"VCID-3qpb-771k-e3fv"},{"vulnerability":"VCID-4ztd-m43n-7fas"},{"vulnerability":"VCID-5b1h-ubrs-5udw"},{"vulnerability":"VCID-5h3s-6g7x-y7ev"},{"vulnerability":"VCID-5mtn-211g-fffn"},{"vulnerability":"VCID-619d-rwc5-3ya3"},{"vulnerability":"VCID-6nd2-9m93-eydr"},{"vulnerability":"VCID-6zbn-va8u-nuew"},{"vulnerability":"VCID-71da-vybz-2kat"},{"vulnerability":"VCID-7wum-rugz-73au"},{"vulnerability":"VCID-9225-wpup-z3h6"},{"vulnerability":"VCID-9uvs-zg72-ruc1"},{"vulnerability":"VCID-9xsw-9z5g-b3b3"},{"vulnerability":"VCID-9z23-8k84-2bhs"},{"vulnerability":"VCID-a29p-2rbu-4fhh"},{"vulnerability":"VCID-a8hu-6zs3-sqd4"},{"vulnerability":"VCID-b3xm-gpxa-xfg9"},{"vulnerability":"VCID-bg5x-yv9h-1qfx"},{"vulnerability":"VCID-ca71-4ww1-nucu"},{"vulnerability":"VCID-d5ef-ymg6-n7fn"},{"vulnerability":"VCID-dstp-agrp-myhf"},{"vulnerability":"VCID-duvm-83qg-hbh7"},{"vulnerability":"VCID-f2fg-5zjx-z7dv"},{"vulnerability":"VCID-ff42-1sjm-d7dm"},{"vulnerability":"VCID-fr2z-73k7-mbca"},{"vulnerability":"VCID-k934-d8qy-4ucj"},{"vulnerability":"VCID-ndm8-v4v1-d7h9"},{"vulnerability":"VCID-q429-192m-e3dt"},{"vulnerability":"VCID-r6n7-wyje-1qac"},{"vulnerability":"VCID-sjx2-83vv-mqgu"},{"vulnerability":"VCID-tuzb-thjx-sbdy"},{"vulnerability":"VCID-vpqa-bk75-b3gz"},{"vulnerability":"VCID-vscr-wzh4-n3dz"},{"vulnerability":"VCID-wqnd-x1rf-a7dv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.2.1-4.1%252Bdeb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2020-11760"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-duvm-83qg-hbh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54301?format=json","vulnerability_id":"VCID-f2fg-5zjx-z7dv","summary":"NULL Pointer Dereference\nA crafted input file supplied by an attacker that is processed by the `Dwa` decompression functionality of OpenEXR's `IlmImf` library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20296.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20296.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20296","reference_id":"","reference_type":"","scores":[{"value":"0.01014","scoring_system":"epss","scoring_elements":"0.77486","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01014","scoring_system":"epss","scoring_elements":"0.77524","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01014","scoring_system":"epss","scoring_elements":"0.77522","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01014","scoring_system":"epss","scoring_elements":"0.77502","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01014","scoring_system":"epss","scoring_elements":"0.77513","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20296"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939141","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20296"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986796","reference_id":"986796","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986796"},{"reference_url":"https://security.archlinux.org/AVG-1746","reference_id":"AVG-1746","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1746"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20296","reference_id":"CVE-2021-20296","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20296"},{"reference_url":"https://security.gentoo.org/glsa/202107-27","reference_id":"GLSA-202107-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-27"},{"reference_url":"https://usn.ubuntu.com/4996-1/","reference_id":"USN-4996-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4996-1/"},{"reference_url":"https://usn.ubuntu.com/4996-2/","reference_id":"USN-4996-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4996-2/"},{"reference_url":"https://usn.ubuntu.com/USN-5620-1/","reference_id":"USN-USN-5620-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5620-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2021-20296"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f2fg-5zjx-z7dv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42580?format=json","vulnerability_id":"VCID-ff42-1sjm-d7dm","summary":"Integer Overflow or Wraparound\nA flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20303.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20303.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20303","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32277","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32349","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32318","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.3228","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.3225","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61928","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20303"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939151","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939151"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20303"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/AcademySoftwareFoundation/openexr/pull/831","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/AcademySoftwareFoundation/openexr/pull/831"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20303","reference_id":"CVE-2021-20303","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20303"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2021-20303"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ff42-1sjm-d7dm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96260?format=json","vulnerability_id":"VCID-fr2z-73k7-mbca","summary":"OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18443.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18443.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18443","reference_id":"","reference_type":"","scores":[{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58647","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58694","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.587","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58693","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58678","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58692","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18443"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18443","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18443"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1643093","reference_id":"1643093","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1643093"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2018-18443"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fr2z-73k7-mbca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52738?format=json","vulnerability_id":"VCID-k934-d8qy-4ucj","summary":"Out-of-bounds Write\nInvalid chunkCount attributes could cause a heap buffer overflow in `getChunkOffsetTableSize()` in `IlmImf/ImfMisc.cpp`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15306.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15306.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15306","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28543","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28616","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28576","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28538","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28505","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28509","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15306"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852006","reference_id":"1852006","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852006"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15306","reference_id":"CVE-2020-15306","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15306"},{"reference_url":"https://security.gentoo.org/glsa/202107-27","reference_id":"GLSA-202107-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-27"},{"reference_url":"https://usn.ubuntu.com/4418-1/","reference_id":"USN-4418-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4418-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516095?format=json","purl":"pkg:deb/debian/openexr@2.2.1-4.1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16pc-89jd-jyck"},{"vulnerability":"VCID-18jc-a8t8-jqgh"},{"vulnerability":"VCID-1v21-5hnx-jbhq"},{"vulnerability":"VCID-29pv-pzhu-zfbj"},{"vulnerability":"VCID-2mjs-t6hr-6kck"},{"vulnerability":"VCID-2vkx-6ytf-8kcd"},{"vulnerability":"VCID-3qpb-771k-e3fv"},{"vulnerability":"VCID-4ztd-m43n-7fas"},{"vulnerability":"VCID-5b1h-ubrs-5udw"},{"vulnerability":"VCID-5h3s-6g7x-y7ev"},{"vulnerability":"VCID-5mtn-211g-fffn"},{"vulnerability":"VCID-619d-rwc5-3ya3"},{"vulnerability":"VCID-6nd2-9m93-eydr"},{"vulnerability":"VCID-6zbn-va8u-nuew"},{"vulnerability":"VCID-71da-vybz-2kat"},{"vulnerability":"VCID-7wum-rugz-73au"},{"vulnerability":"VCID-9225-wpup-z3h6"},{"vulnerability":"VCID-9uvs-zg72-ruc1"},{"vulnerability":"VCID-9xsw-9z5g-b3b3"},{"vulnerability":"VCID-9z23-8k84-2bhs"},{"vulnerability":"VCID-a29p-2rbu-4fhh"},{"vulnerability":"VCID-a8hu-6zs3-sqd4"},{"vulnerability":"VCID-b3xm-gpxa-xfg9"},{"vulnerability":"VCID-bg5x-yv9h-1qfx"},{"vulnerability":"VCID-ca71-4ww1-nucu"},{"vulnerability":"VCID-d5ef-ymg6-n7fn"},{"vulnerability":"VCID-dstp-agrp-myhf"},{"vulnerability":"VCID-duvm-83qg-hbh7"},{"vulnerability":"VCID-f2fg-5zjx-z7dv"},{"vulnerability":"VCID-ff42-1sjm-d7dm"},{"vulnerability":"VCID-fr2z-73k7-mbca"},{"vulnerability":"VCID-k934-d8qy-4ucj"},{"vulnerability":"VCID-ndm8-v4v1-d7h9"},{"vulnerability":"VCID-q429-192m-e3dt"},{"vulnerability":"VCID-r6n7-wyje-1qac"},{"vulnerability":"VCID-sjx2-83vv-mqgu"},{"vulnerability":"VCID-tuzb-thjx-sbdy"},{"vulnerability":"VCID-vpqa-bk75-b3gz"},{"vulnerability":"VCID-vscr-wzh4-n3dz"},{"vulnerability":"VCID-wqnd-x1rf-a7dv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.2.1-4.1%252Bdeb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2020-15306"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k934-d8qy-4ucj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96263?format=json","vulnerability_id":"VCID-ndm8-v4v1-d7h9","summary":"A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20298.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20298.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20298","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48242","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48305","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48308","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.4829","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48262","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01367","scoring_system":"epss","scoring_elements":"0.80576","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20298"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25913","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25913"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20298","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20298"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/AcademySoftwareFoundation/openexr/commit/85fd638ae0d5fa132434f4cbf32590261c1dba97","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/AcademySoftwareFoundation/openexr/commit/85fd638ae0d5fa132434f4cbf32590261c1dba97"},{"reference_url":"https://github.com/AcademySoftwareFoundation/openexr/pull/843","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/AcademySoftwareFoundation/openexr/pull/843"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939156","reference_id":"1939156","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939156"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-20298","reference_id":"CVE-2021-20298","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2021-20298"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20298","reference_id":"CVE-2021-20298","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20298"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2021-20298"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ndm8-v4v1-d7h9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54293?format=json","vulnerability_id":"VCID-q429-192m-e3dt","summary":"Out-of-bounds Read\nThere's a flaw in OpenEXR's deep tile sample size calculations . An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3477.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3477.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3477","reference_id":"","reference_type":"","scores":[{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58773","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58802","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58825","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58817","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58819","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3477"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939159","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939159"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3477"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986796","reference_id":"986796","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986796"},{"reference_url":"https://security.archlinux.org/AVG-1746","reference_id":"AVG-1746","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1746"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3477","reference_id":"CVE-2021-3477","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3477"},{"reference_url":"https://security.gentoo.org/glsa/202107-27","reference_id":"GLSA-202107-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-27"},{"reference_url":"https://usn.ubuntu.com/4900-1/","reference_id":"USN-4900-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4900-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2021-3477"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q429-192m-e3dt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52740?format=json","vulnerability_id":"VCID-r6n7-wyje-1qac","summary":"NULL Pointer Dereference\nAn invalid tiled input file could cause invalid memory access in `TiledInputFile::TiledInputFile()` in `IlmImf/ImfTiledInputFile.cpp`, as demonstrated by a NULL pointer dereference.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15304.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15304.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15304","reference_id":"","reference_type":"","scores":[{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30217","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30291","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30256","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30227","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30196","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30212","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15304"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852015","reference_id":"1852015","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852015"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15304","reference_id":"CVE-2020-15304","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15304"},{"reference_url":"https://security.gentoo.org/glsa/202107-27","reference_id":"GLSA-202107-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2020-15304"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r6n7-wyje-1qac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7276?format=json","vulnerability_id":"VCID-sjx2-83vv-mqgu","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3605.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3605.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3605","reference_id":"","reference_type":"","scores":[{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.6416","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64119","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64148","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64163","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64171","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.66293","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3605"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970991","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26260","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26260"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3941","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45942"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990899","reference_id":"990899","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990899"},{"reference_url":"https://security.archlinux.org/AVG-2107","reference_id":"AVG-2107","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2107"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3605","reference_id":"CVE-2021-3605","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3605"},{"reference_url":"https://security.gentoo.org/glsa/202210-31","reference_id":"GLSA-202210-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-31"},{"reference_url":"https://usn.ubuntu.com/4996-1/","reference_id":"USN-4996-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4996-1/"},{"reference_url":"https://usn.ubuntu.com/4996-2/","reference_id":"USN-4996-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4996-2/"},{"reference_url":"https://usn.ubuntu.com/USN-5620-1/","reference_id":"USN-USN-5620-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5620-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2021-3605"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sjx2-83vv-mqgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96257?format=json","vulnerability_id":"VCID-svb6-ngpk-ryar","summary":"In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9114.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9114.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9114","reference_id":"","reference_type":"","scores":[{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69488","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69532","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69524","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69512","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69526","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69534","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9114"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9114","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9114"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455535","reference_id":"1455535","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455535"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864078","reference_id":"864078","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864078"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516095?format=json","purl":"pkg:deb/debian/openexr@2.2.1-4.1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16pc-89jd-jyck"},{"vulnerability":"VCID-18jc-a8t8-jqgh"},{"vulnerability":"VCID-1v21-5hnx-jbhq"},{"vulnerability":"VCID-29pv-pzhu-zfbj"},{"vulnerability":"VCID-2mjs-t6hr-6kck"},{"vulnerability":"VCID-2vkx-6ytf-8kcd"},{"vulnerability":"VCID-3qpb-771k-e3fv"},{"vulnerability":"VCID-4ztd-m43n-7fas"},{"vulnerability":"VCID-5b1h-ubrs-5udw"},{"vulnerability":"VCID-5h3s-6g7x-y7ev"},{"vulnerability":"VCID-5mtn-211g-fffn"},{"vulnerability":"VCID-619d-rwc5-3ya3"},{"vulnerability":"VCID-6nd2-9m93-eydr"},{"vulnerability":"VCID-6zbn-va8u-nuew"},{"vulnerability":"VCID-71da-vybz-2kat"},{"vulnerability":"VCID-7wum-rugz-73au"},{"vulnerability":"VCID-9225-wpup-z3h6"},{"vulnerability":"VCID-9uvs-zg72-ruc1"},{"vulnerability":"VCID-9xsw-9z5g-b3b3"},{"vulnerability":"VCID-9z23-8k84-2bhs"},{"vulnerability":"VCID-a29p-2rbu-4fhh"},{"vulnerability":"VCID-a8hu-6zs3-sqd4"},{"vulnerability":"VCID-b3xm-gpxa-xfg9"},{"vulnerability":"VCID-bg5x-yv9h-1qfx"},{"vulnerability":"VCID-ca71-4ww1-nucu"},{"vulnerability":"VCID-d5ef-ymg6-n7fn"},{"vulnerability":"VCID-dstp-agrp-myhf"},{"vulnerability":"VCID-duvm-83qg-hbh7"},{"vulnerability":"VCID-f2fg-5zjx-z7dv"},{"vulnerability":"VCID-ff42-1sjm-d7dm"},{"vulnerability":"VCID-fr2z-73k7-mbca"},{"vulnerability":"VCID-k934-d8qy-4ucj"},{"vulnerability":"VCID-ndm8-v4v1-d7h9"},{"vulnerability":"VCID-q429-192m-e3dt"},{"vulnerability":"VCID-r6n7-wyje-1qac"},{"vulnerability":"VCID-sjx2-83vv-mqgu"},{"vulnerability":"VCID-tuzb-thjx-sbdy"},{"vulnerability":"VCID-vpqa-bk75-b3gz"},{"vulnerability":"VCID-vscr-wzh4-n3dz"},{"vulnerability":"VCID-wqnd-x1rf-a7dv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.2.1-4.1%252Bdeb10u1"}],"aliases":["CVE-2017-9114"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-svb6-ngpk-ryar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42579?format=json","vulnerability_id":"VCID-tuzb-thjx-sbdy","summary":"Integer Overflow or Wraparound\nA flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20300.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20300.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20300","reference_id":"","reference_type":"","scores":[{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60662","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60711","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60718","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60707","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.6069","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60705","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20300"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25562","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25562"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939153","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939153"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20300"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/AcademySoftwareFoundation/openexr/pull/836","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/AcademySoftwareFoundation/openexr/pull/836"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20300","reference_id":"CVE-2021-20300","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20300"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2021-20300"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tuzb-thjx-sbdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53867?format=json","vulnerability_id":"VCID-vpqa-bk75-b3gz","summary":"NULL Pointer Dereference\nA Null Pointer Deference issue exists in OpenEXR in `generatePreview` of `makePreview.cpp` that can cause a denial of service via a crafted EXR file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-16588.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-16588.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-16588","reference_id":"","reference_type":"","scores":[{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.5245","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52509","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52518","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52498","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52471","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52492","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-16588"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16588","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16588"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1929315","reference_id":"1929315","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1929315"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-16588","reference_id":"CVE-2020-16588","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-16588"},{"reference_url":"https://usn.ubuntu.com/4676-1/","reference_id":"USN-4676-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4676-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2020-16588"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vpqa-bk75-b3gz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96256?format=json","vulnerability_id":"VCID-vscr-wzh4-n3dz","summary":"In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9113.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9113.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9113","reference_id":"","reference_type":"","scores":[{"value":"0.02586","scoring_system":"epss","scoring_elements":"0.85861","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02586","scoring_system":"epss","scoring_elements":"0.85865","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02586","scoring_system":"epss","scoring_elements":"0.85884","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02586","scoring_system":"epss","scoring_elements":"0.8588","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02586","scoring_system":"epss","scoring_elements":"0.85882","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455533","reference_id":"1455533","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455533"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873885","reference_id":"873885","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873885"},{"reference_url":"https://usn.ubuntu.com/4148-1/","reference_id":"USN-4148-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4148-1/"},{"reference_url":"https://usn.ubuntu.com/4339-1/","reference_id":"USN-4339-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4339-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516095?format=json","purl":"pkg:deb/debian/openexr@2.2.1-4.1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16pc-89jd-jyck"},{"vulnerability":"VCID-18jc-a8t8-jqgh"},{"vulnerability":"VCID-1v21-5hnx-jbhq"},{"vulnerability":"VCID-29pv-pzhu-zfbj"},{"vulnerability":"VCID-2mjs-t6hr-6kck"},{"vulnerability":"VCID-2vkx-6ytf-8kcd"},{"vulnerability":"VCID-3qpb-771k-e3fv"},{"vulnerability":"VCID-4ztd-m43n-7fas"},{"vulnerability":"VCID-5b1h-ubrs-5udw"},{"vulnerability":"VCID-5h3s-6g7x-y7ev"},{"vulnerability":"VCID-5mtn-211g-fffn"},{"vulnerability":"VCID-619d-rwc5-3ya3"},{"vulnerability":"VCID-6nd2-9m93-eydr"},{"vulnerability":"VCID-6zbn-va8u-nuew"},{"vulnerability":"VCID-71da-vybz-2kat"},{"vulnerability":"VCID-7wum-rugz-73au"},{"vulnerability":"VCID-9225-wpup-z3h6"},{"vulnerability":"VCID-9uvs-zg72-ruc1"},{"vulnerability":"VCID-9xsw-9z5g-b3b3"},{"vulnerability":"VCID-9z23-8k84-2bhs"},{"vulnerability":"VCID-a29p-2rbu-4fhh"},{"vulnerability":"VCID-a8hu-6zs3-sqd4"},{"vulnerability":"VCID-b3xm-gpxa-xfg9"},{"vulnerability":"VCID-bg5x-yv9h-1qfx"},{"vulnerability":"VCID-ca71-4ww1-nucu"},{"vulnerability":"VCID-d5ef-ymg6-n7fn"},{"vulnerability":"VCID-dstp-agrp-myhf"},{"vulnerability":"VCID-duvm-83qg-hbh7"},{"vulnerability":"VCID-f2fg-5zjx-z7dv"},{"vulnerability":"VCID-ff42-1sjm-d7dm"},{"vulnerability":"VCID-fr2z-73k7-mbca"},{"vulnerability":"VCID-k934-d8qy-4ucj"},{"vulnerability":"VCID-ndm8-v4v1-d7h9"},{"vulnerability":"VCID-q429-192m-e3dt"},{"vulnerability":"VCID-r6n7-wyje-1qac"},{"vulnerability":"VCID-sjx2-83vv-mqgu"},{"vulnerability":"VCID-tuzb-thjx-sbdy"},{"vulnerability":"VCID-vpqa-bk75-b3gz"},{"vulnerability":"VCID-vscr-wzh4-n3dz"},{"vulnerability":"VCID-wqnd-x1rf-a7dv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.2.1-4.1%252Bdeb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2017-9113"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vscr-wzh4-n3dz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42778?format=json","vulnerability_id":"VCID-wqnd-x1rf-a7dv","summary":"Integer Overflow or Wraparound\nAn integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3933.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3933.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3933","reference_id":"","reference_type":"","scores":[{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.6757","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67611","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67618","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67608","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67591","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67606","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3933"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019783","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019783"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26260","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26260"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3941","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45942"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014828","reference_id":"1014828","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014828"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3933","reference_id":"CVE-2021-3933","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3933"},{"reference_url":"https://security.gentoo.org/glsa/202210-31","reference_id":"GLSA-202210-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-31"},{"reference_url":"https://usn.ubuntu.com/5144-1/","reference_id":"USN-5144-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5144-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5620-1/","reference_id":"USN-USN-5620-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5620-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195503?format=json","purl":"pkg:deb/debian/openexr@2.5.4-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3uec-7z51-73cd"},{"vulnerability":"VCID-8pwq-kn2q-2bek"},{"vulnerability":"VCID-dvtu-g8sv-bqfb"},{"vulnerability":"VCID-pqba-w8qh-97c2"},{"vulnerability":"VCID-qn33-asyh-y3hw"},{"vulnerability":"VCID-s2sa-d9bq-8qhm"},{"vulnerability":"VCID-z3bc-q1r6-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@2.5.4-2%252Bdeb11u1"}],"aliases":["CVE-2021-3933"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wqnd-x1rf-a7dv"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96250?format=json","vulnerability_id":"VCID-dh5y-krmy-dqae","summary":"Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors.  NOTE: some of these details are obtained from third party information.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1720.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1720.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1720","reference_id":"","reference_type":"","scores":[{"value":"0.19205","scoring_system":"epss","scoring_elements":"0.95478","published_at":"2026-06-04T12:55:00Z"},{"value":"0.19205","scoring_system":"epss","scoring_elements":"0.95485","published_at":"2026-06-05T12:55:00Z"},{"value":"0.19205","scoring_system":"epss","scoring_elements":"0.95488","published_at":"2026-06-06T12:55:00Z"},{"value":"0.19205","scoring_system":"epss","scoring_elements":"0.9549","published_at":"2026-06-07T12:55:00Z"},{"value":"0.19205","scoring_system":"epss","scoring_elements":"0.95491","published_at":"2026-06-08T12:55:00Z"},{"value":"0.19205","scoring_system":"epss","scoring_elements":"0.95495","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1720"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1720","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1720"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=513995","reference_id":"513995","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=513995"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540424","reference_id":"540424","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540424"},{"reference_url":"https://security.gentoo.org/glsa/201312-07","reference_id":"GLSA-201312-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201312-07"},{"reference_url":"https://usn.ubuntu.com/831-1/","reference_id":"USN-831-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/831-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516091?format=json","purl":"pkg:deb/debian/openexr@1.6.1-4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16pc-89jd-jyck"},{"vulnerability":"VCID-18jc-a8t8-jqgh"},{"vulnerability":"VCID-1v21-5hnx-jbhq"},{"vulnerability":"VCID-29pv-pzhu-zfbj"},{"vulnerability":"VCID-2bx5-1h7d-xkg9"},{"vulnerability":"VCID-2mjs-t6hr-6kck"},{"vulnerability":"VCID-2vkx-6ytf-8kcd"},{"vulnerability":"VCID-3cha-7x64-qbdd"},{"vulnerability":"VCID-3qpb-771k-e3fv"},{"vulnerability":"VCID-4ztd-m43n-7fas"},{"vulnerability":"VCID-5b1h-ubrs-5udw"},{"vulnerability":"VCID-5h3s-6g7x-y7ev"},{"vulnerability":"VCID-5mtn-211g-fffn"},{"vulnerability":"VCID-619d-rwc5-3ya3"},{"vulnerability":"VCID-6nd2-9m93-eydr"},{"vulnerability":"VCID-6zbn-va8u-nuew"},{"vulnerability":"VCID-71da-vybz-2kat"},{"vulnerability":"VCID-7wum-rugz-73au"},{"vulnerability":"VCID-9225-wpup-z3h6"},{"vulnerability":"VCID-9uvs-zg72-ruc1"},{"vulnerability":"VCID-9xsw-9z5g-b3b3"},{"vulnerability":"VCID-9z23-8k84-2bhs"},{"vulnerability":"VCID-a29p-2rbu-4fhh"},{"vulnerability":"VCID-a8hu-6zs3-sqd4"},{"vulnerability":"VCID-b3xm-gpxa-xfg9"},{"vulnerability":"VCID-bg5x-yv9h-1qfx"},{"vulnerability":"VCID-bpzu-jyex-3ygm"},{"vulnerability":"VCID-ca71-4ww1-nucu"},{"vulnerability":"VCID-d5ef-ymg6-n7fn"},{"vulnerability":"VCID-dstp-agrp-myhf"},{"vulnerability":"VCID-dun1-9d71-3ydd"},{"vulnerability":"VCID-duvm-83qg-hbh7"},{"vulnerability":"VCID-f2fg-5zjx-z7dv"},{"vulnerability":"VCID-ff42-1sjm-d7dm"},{"vulnerability":"VCID-fr2z-73k7-mbca"},{"vulnerability":"VCID-k934-d8qy-4ucj"},{"vulnerability":"VCID-ndm8-v4v1-d7h9"},{"vulnerability":"VCID-q429-192m-e3dt"},{"vulnerability":"VCID-r6n7-wyje-1qac"},{"vulnerability":"VCID-sjx2-83vv-mqgu"},{"vulnerability":"VCID-svb6-ngpk-ryar"},{"vulnerability":"VCID-tuzb-thjx-sbdy"},{"vulnerability":"VCID-vpqa-bk75-b3gz"},{"vulnerability":"VCID-vscr-wzh4-n3dz"},{"vulnerability":"VCID-wqnd-x1rf-a7dv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@1.6.1-4.1"}],"aliases":["CVE-2009-1720"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dh5y-krmy-dqae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96251?format=json","vulnerability_id":"VCID-qkh9-y1mg-3bey","summary":"The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1721.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1721.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1721","reference_id":"","reference_type":"","scores":[{"value":"0.25346","scoring_system":"epss","scoring_elements":"0.96309","published_at":"2026-06-04T12:55:00Z"},{"value":"0.25346","scoring_system":"epss","scoring_elements":"0.96314","published_at":"2026-06-05T12:55:00Z"},{"value":"0.25346","scoring_system":"epss","scoring_elements":"0.96318","published_at":"2026-06-08T12:55:00Z"},{"value":"0.25346","scoring_system":"epss","scoring_elements":"0.96324","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1721"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1721"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=514003","reference_id":"514003","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=514003"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540424","reference_id":"540424","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540424"},{"reference_url":"https://security.gentoo.org/glsa/201312-07","reference_id":"GLSA-201312-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201312-07"},{"reference_url":"https://usn.ubuntu.com/831-1/","reference_id":"USN-831-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/831-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516091?format=json","purl":"pkg:deb/debian/openexr@1.6.1-4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16pc-89jd-jyck"},{"vulnerability":"VCID-18jc-a8t8-jqgh"},{"vulnerability":"VCID-1v21-5hnx-jbhq"},{"vulnerability":"VCID-29pv-pzhu-zfbj"},{"vulnerability":"VCID-2bx5-1h7d-xkg9"},{"vulnerability":"VCID-2mjs-t6hr-6kck"},{"vulnerability":"VCID-2vkx-6ytf-8kcd"},{"vulnerability":"VCID-3cha-7x64-qbdd"},{"vulnerability":"VCID-3qpb-771k-e3fv"},{"vulnerability":"VCID-4ztd-m43n-7fas"},{"vulnerability":"VCID-5b1h-ubrs-5udw"},{"vulnerability":"VCID-5h3s-6g7x-y7ev"},{"vulnerability":"VCID-5mtn-211g-fffn"},{"vulnerability":"VCID-619d-rwc5-3ya3"},{"vulnerability":"VCID-6nd2-9m93-eydr"},{"vulnerability":"VCID-6zbn-va8u-nuew"},{"vulnerability":"VCID-71da-vybz-2kat"},{"vulnerability":"VCID-7wum-rugz-73au"},{"vulnerability":"VCID-9225-wpup-z3h6"},{"vulnerability":"VCID-9uvs-zg72-ruc1"},{"vulnerability":"VCID-9xsw-9z5g-b3b3"},{"vulnerability":"VCID-9z23-8k84-2bhs"},{"vulnerability":"VCID-a29p-2rbu-4fhh"},{"vulnerability":"VCID-a8hu-6zs3-sqd4"},{"vulnerability":"VCID-b3xm-gpxa-xfg9"},{"vulnerability":"VCID-bg5x-yv9h-1qfx"},{"vulnerability":"VCID-bpzu-jyex-3ygm"},{"vulnerability":"VCID-ca71-4ww1-nucu"},{"vulnerability":"VCID-d5ef-ymg6-n7fn"},{"vulnerability":"VCID-dstp-agrp-myhf"},{"vulnerability":"VCID-dun1-9d71-3ydd"},{"vulnerability":"VCID-duvm-83qg-hbh7"},{"vulnerability":"VCID-f2fg-5zjx-z7dv"},{"vulnerability":"VCID-ff42-1sjm-d7dm"},{"vulnerability":"VCID-fr2z-73k7-mbca"},{"vulnerability":"VCID-k934-d8qy-4ucj"},{"vulnerability":"VCID-ndm8-v4v1-d7h9"},{"vulnerability":"VCID-q429-192m-e3dt"},{"vulnerability":"VCID-r6n7-wyje-1qac"},{"vulnerability":"VCID-sjx2-83vv-mqgu"},{"vulnerability":"VCID-svb6-ngpk-ryar"},{"vulnerability":"VCID-tuzb-thjx-sbdy"},{"vulnerability":"VCID-vpqa-bk75-b3gz"},{"vulnerability":"VCID-vscr-wzh4-n3dz"},{"vulnerability":"VCID-wqnd-x1rf-a7dv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@1.6.1-4.1"}],"aliases":["CVE-2009-1721"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qkh9-y1mg-3bey"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openexr@1.6.1-4.1"}