Debian Package Tracker

openexr

command-line tools for the OpenEXR image format

general
  • source: openexr (main)
  • version: 2.5.4-1
  • maintainer: Debian PhotoTools Maintainers (archive) (DMD)
  • uploaders: Matteo F. Vescovi [DMD] – Mathieu Malaterre [DMD]
  • arch: all any
  • std-ver: 4.5.1
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • oldstable: 2.2.0-11
  • old-sec: 2.2.0-11+deb9u2
  • stable: 2.2.1-4.1+deb10u1
  • stable-sec: 2.2.1-4.1+deb10u1
  • testing: 2.5.4-1
  • unstable: 2.5.4-1
versioned links
  • 2.2.0-11: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.2.0-11+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.2.1-4.1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.3.0-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.5.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libopenexr-dev
  • libopenexr25
  • openexr (1 bugs: 0, 1, 0, 0)
  • openexr-doc
action needed
A new upstream version is available: 3.0.1-beta high
A new upstream version 3.0.1-beta is available, you should consider packaging it.
Created: 2021-02-15 Last update: 2021-04-18 14:01
7 security issues in sid high

There are 7 open security issues in sid.

7 important issues:
  • CVE-2021-20296: A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.
  • CVE-2021-3474: There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.
  • CVE-2021-3475: There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.
  • CVE-2021-3476: A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.
  • CVE-2021-3477: There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.
  • CVE-2021-3478: There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.
  • CVE-2021-3479: There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.
Created: 2021-03-31 Last update: 2021-04-12 18:00
7 security issues in bullseye high

There are 7 open security issues in bullseye.

7 important issues:
  • CVE-2021-20296: A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.
  • CVE-2021-3474: There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.
  • CVE-2021-3475: There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.
  • CVE-2021-3476: A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.
  • CVE-2021-3477: There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.
  • CVE-2021-3478: There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.
  • CVE-2021-3479: There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.
Created: 2021-03-31 Last update: 2021-04-12 18:00
lintian reports 3 warnings normal
Lintian reports 3 warnings about this package. You should make the package lintian-clean by getting rid of them.
Created: 2021-01-27 Last update: 2021-01-27 03:04
10 low-priority security issues in buster low

There are 10 open security issues in buster.

10 issues left for the package maintainer to handle:
  • CVE-2020-16587: (needs triaging) A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.
  • CVE-2020-16588: (needs triaging) A Null Pointer Dereference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.
  • CVE-2020-16589: (needs triaging) A heap-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.
  • CVE-2021-20296: (needs triaging) A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.
  • CVE-2021-3474: (needs triaging) There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.
  • CVE-2021-3475: (needs triaging) There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.
  • CVE-2021-3476: (needs triaging) A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.
  • CVE-2021-3477: (needs triaging) There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.
  • CVE-2021-3478: (needs triaging) There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.
  • CVE-2021-3479: (needs triaging) There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2021-04-12 18:00
Build log checks report 2 warnings low
Build log checks report 2 warnings
Created: 2019-09-03 Last update: 2020-08-22 04:00
news
  • [2021-01-27] openexr 2.5.4-1 MIGRATED to testing (Debian testing watch)
  • [2021-01-21] Accepted openexr 2.5.4-1 (source) into unstable (Matteo F. Vescovi)
  • [2020-12-13] Accepted openexr 2.2.0-11+deb9u2 (source amd64 all) into oldstable (Chris Lamb)
  • [2020-09-05] Accepted openexr 2.2.1-4.1+deb10u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
  • [2020-08-30] Accepted openexr 2.2.0-11+deb9u1 (source) into oldstable (Adrian Bunk)
  • [2020-08-29] Accepted openexr 2.2.1-4.1+deb10u1 (source amd64 all) into stable->embargoed, stable (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
  • [2020-08-27] openexr 2.5.3-2 MIGRATED to testing (Debian testing watch)
  • [2020-08-21] Accepted openexr 2.5.3-2 (source) into unstable (Matteo F. Vescovi)
  • [2020-08-15] Accepted openexr 2.5.3-1 (source) into experimental (Matteo F. Vescovi)
  • [2020-08-06] Accepted openexr 2.5.2-2 (source) into experimental (Matteo F. Vescovi)
  • [2020-08-06] Accepted openexr 2.5.2-1 (source) into experimental (Matteo F. Vescovi)
  • [2020-06-12] Accepted openexr 2.5.1-2 (source) into experimental (Matteo F. Vescovi)
  • [2020-06-10] Accepted openexr 2.5.1-1 (source amd64 all) into experimental, experimental (Debian FTP Masters) (signed by: Matteo F. Vescovi)
  • [2020-05-11] Accepted openexr 2.5.0-1 (source) into experimental (Matteo F. Vescovi)
  • [2019-09-08] openexr 2.3.0-6 MIGRATED to testing (Debian testing watch)
  • [2019-09-02] Accepted openexr 2.3.0-6 (source) into unstable (Matteo F. Vescovi)
  • [2019-04-02] openexr 2.2.1-4.1 MIGRATED to testing (Debian testing watch)
  • [2019-03-27] Accepted openexr 2.2.1-4.1 (source i386 all) into unstable (Steinar H. Gunderson)
  • [2019-01-09] Accepted openexr 2.3.0-5 (source) into experimental (Mathieu Malaterre)
  • [2019-01-01] Accepted openexr 2.3.0-4 (source amd64 all) into experimental, experimental (Matteo F. Vescovi)
  • [2018-12-19] Accepted openexr 2.3.0-3 (source) into experimental (Mathieu Malaterre)
  • [2018-11-15] Accepted openexr 2.3.0-2 (source) into experimental (Matteo F. Vescovi)
  • [2018-11-10] Accepted openexr 2.3.0-1 (source) into experimental (Matteo F. Vescovi)
  • [2018-03-16] openexr 2.2.1-4 MIGRATED to testing (Debian testing watch)
  • [2018-03-11] Accepted openexr 2.2.1-4 (source) into unstable (Matteo F. Vescovi)
  • [2018-03-10] Accepted openexr 2.2.1-3 (source) into experimental (Matteo F. Vescovi)
  • [2018-03-08] Accepted openexr 2.2.1-2 (source amd64 all) into experimental, experimental (Matteo F. Vescovi)
  • [2018-01-10] Accepted openexr 2.2.1-1 (source amd64 all) into experimental (Matteo F. Vescovi) (signed by: Mathieu Malaterre)
  • [2017-09-03] openexr 2.2.0-11.1 MIGRATED to testing (Debian testing watch)
  • [2017-08-31] Accepted openexr 2.2.0-11.1 (source) into unstable (Markus Koschany)
bugs [bug history graph]
  • all: 3
  • RC: 0
  • I&N: 1
  • M&W: 2
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian (0, 3)
  • buildd: logs, checks, clang, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
ubuntu [Information about Ubuntu for Debian Developers]
  • version: 2.5.4-1
  • 1 bug

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers