from 0, < 2.2.1
HIGH7.8CVE-2026-34588OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write >= 3.1.0, < 3.2.7
HIGH7.8CVE-2025-64182OpenEXR has buffer overflow in PyOpenEXR_old's channels() and channel() >= 3.2.0, < 3.2.5
HIGH7.8OpenEXR's CompositeDeepScanLine integer-overflow leads to heap OOB write
>= 2.3.0, < 3.2.6
HIGH7.8OpenEXR Heap-Based Buffer Overflow in Deep Scanline Parsing via Forged Unpacked Size
>= 3.3.0, < 3.3.3
HIGH7.5OpenEXR has use after free in PyObject_StealAttrString
>= 3.2.0, < 3.2.5
HIGH7.5OpenEXR Makes Use of Uninitialized Memory
>= 3.3.0, < 3.3.6
HIGH7.5OpenEXR: Heap information disclosure in PXR24 decompression via unchecked decompressed size (undo_pxr24_impl)
>= 3.4.0, < 3.4.8
HIGH7.3OpenEXR: integer overflow to OOB write in uncompress_b44_impl()
>= 3.4.0, < 3.4.8
MEDIUM6.5OpenEXR has heap-buffer-overflow via signed integer underflow in ImfContextInit.cpp
>= 3.3.0, < 3.3.7
MEDIUM6.5OpenEXR invalid read
from 0, < 2.2.1
MEDIUM5.5OpenEXR Out-Of-Memory via Unbounded File Header Values
>= 3.3.2, < 3.3.3
MEDIUM5.0OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write
>= 3.2.0, < 3.2.7
—OpenEXR ScanLineProcess::run_fill NULL Pointer Write In "reduceMemory" Mode
>= 3.3.2, < 3.3.3
—OpenEXR Out of Bounds Heap Read due to Bad Pointer Arithmetic in LossyDctDecoder_execute
>= 3.3.2, < 3.3.3