FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2026-03-03 16:31:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
c71a3914-ba96-11f0-aada-f59a8ea34d12OpenEXR < 3.4.3 -- multiple vulnerabilities

Cary Phillips reports:

Patch release that addresses several bugs, primarily involving properly rejecting corrupt input data.

He goes on to report various relevant items including heap buffer overflows, use-after-free, use of uninitialized memory and other bugs, several of them found by OSS-fuzz, and some also found in OpenJPH.


Discovery 2025-10-29
Entry 2025-11-05
openexr
< 3.4.3

https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.3
716d25a6-0fdc-11f1-bfdf-ff9355aecb00openexr -- buffer overflow in istream_nonparallel_read on invalid input data

Cary Phillips reports:

[openexr] v3.4.5 [...] fixes an incorrect size check in istream_nonparallel_read that could lead to a buffer overflow on invalid input data.


Discovery 2026-02-16
Entry 2026-02-22
openexr
< 3.3.7

>= 3.4.0 lt 3.4.5

https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.5
https://github.com/AcademySoftwareFoundation/openexr/commit/6bb2ddf1068573d073edf81270a015b38cc05cef