FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-11-27 04:24:38 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
c71a3914-ba96-11f0-aada-f59a8ea34d12	OpenEXR < 3.4.3 -- multiple vulnerabilities Cary Phillips reports: Patch release that addresses several bugs, primarily involving properly rejecting corrupt input data. He goes on to report various relevant items including heap buffer overflows, use-after-free, use of uninitialized memory and other bugs, several of them found by OSS-fuzz, and some also found in OpenJPH. Discovery 2025-10-29 Entry 2025-11-05 openexr < 3.4.3 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.3
f161a5ad-c9bd-11ee-b7a7-353f1e043d9a	openexr -- Heap Overflow in Scanline Deep Data Parsing Austin Hackers Anonymous report: Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. [...] it is in a routine that is predominantly used for development and testing. It is not likely to appear in production code. Discovery 2023-10-26 Entry 2024-02-12 openexr < 3.1.12 >= 3.2.0 lt 3.2.2 CVE-2023-5841 https://takeonme.org/cves/CVE-2023-5841.html https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.2

VuXML ID

Description

c71a3914-ba96-11f0-aada-f59a8ea34d12

OpenEXR < 3.4.3 -- multiple vulnerabilities

Cary Phillips reports:

Patch release that addresses several bugs, primarily involving properly rejecting corrupt input data.

He goes on to report various relevant items including heap buffer overflows, use-after-free, use of uninitialized memory and other bugs, several of them found by OSS-fuzz, and some also found in OpenJPH.

Discovery 2025-10-29
Entry 2025-11-05
openexr

< 3.4.3

https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.3

f161a5ad-c9bd-11ee-b7a7-353f1e043d9a

openexr -- Heap Overflow in Scanline Deep Data Parsing

Austin Hackers Anonymous report:

Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability.

[...] it is in a routine that is predominantly used for development and testing. It is not likely to appear in production code.

Discovery 2023-10-26
Entry 2024-02-12
openexr

< 3.1.12

>= 3.2.0 lt 3.2.2

CVE-2023-5841
https://takeonme.org/cves/CVE-2023-5841.html
https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.2