FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2026-05-05 16:10:25 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
716d25a6-0fdc-11f1-bfdf-ff9355aecb00openexr -- buffer overflow in istream_nonparallel_read on invalid input data

Cary Phillips reports:

[openexr] v3.4.5 [...] fixes an incorrect size check in istream_nonparallel_read that could lead to a buffer overflow on invalid input data.


Discovery 2026-02-16
Entry 2026-02-22
openexr
< 3.3.7

>= 3.4.0 lt 3.4.5

https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.5
https://github.com/AcademySoftwareFoundation/openexr/commit/6bb2ddf1068573d073edf81270a015b38cc05cef
adb096d4-2e72-11f1-acc1-339a1a6999b0openexr -- multiple vulnerabilities

Cary Phillips reports:

[OpenEXR 3.4.9] addresses the following CVEs:

  • CVE-2026-34589 DWA Lossy Decoder Heap Out-of-Bounds Write
  • CVE-2026-34588 Signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write
  • CVE-2026-34380 Signed integer overflow (undefined behavior) in undo_pxr24_impl may allow bounds-check bypass in PXR24 decompression
  • CVE-2026-34379 Misaligned write in LossyDctDecoder_execute leading to undefined behavior (DWA/DWAB decompression)
  • CVE-2026-34378 Signed integer overflow in generic_unpack() when parsing EXR files with crafted negative dataWindow.min.x

Discovery 2026-03-26
Entry 2026-04-02
openexr
< 3.4.9

CVE-2026-34589
CVE-2026-34588
CVE-2026-34380
CVE-2026-34379
CVE-2026-34378
https://github.com/AcademySoftwareFoundation/openexr/blob/v3.4.9-rc/CHANGES.md#version-349-april--3-2026
https://lists.aswf.io/g/openexr-dev/message/5436