Commit 148bd875 authored by OPNA2608's avatar OPNA2608

openexr_2: Replace meta.insecure with meta.knownVulnerabilities

The former never did anything to warn users about this package being insecure.
parent fc35a557
+15 −1
@@ -75,6 +75,20 @@ stdenv.mkDerivation rec {
    homepage = "https://www.openexr.com/";
    license = lib.licenses.bsd3;
    platforms = lib.platforms.all;
    insecure = true;
    knownVulnerabilities = [
      "CVE-2021-3598: ImfDeepScanLineInputFile Out-of-Bounds Read"
      "CVE-2021-3605: rleUncompress Out-of-Bounds Read"
      "CVE-2021-3933: Integer Overflow Vulnerability in File Processing on 32-bit Systems"
      "CVE-2021-23169: copyIntoFrameBuffer Heap Buffer Overflow Leading to Arbitrary Code Execution"
      "CVE-2021-23215: DwaCompressor Integer Overflow Leads to Heap Buffer Overflow"
      "CVE-2021-26260: DwaCompressor Integer Overflow Leading to Heap Buffer Overflow"
      "CVE-2021-26945: Integer Overflow Leading to Heap Buffer Overflow"
      "CVE-2023-5841: Heap Overflow in Scanline Deep Data Parsing"
      "CVE-2024-31047: convert Function Denial of Service"
      "CVE-2025-12495: EXR File Parsing Heap-based Buffer Overflow Remote Code Execution"
      "CVE-2025-12839: EXR File Parsing Heap-based Buffer Overflow Remote Code Execution"
      "CVE-2025-12840: EXR File Parsing Heap-based Buffer Overflow Remote Code Execution"
      "CVE-2026-27622: CompositeDeepScanLine integer-overflow leads to heap OOB write"
    ];
  };
}
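Review bot: The `knownVulnerabilities` list that replaces `insecure = true;` carries no comment saying which release it was checked against or whether any listed CVE is already covered by a patch in this derivation; the `patches` attribute, if there is one, lies outside the hunk, so this cannot be confirmed from here. A non-empty list makes evaluation refuse the package until the user opts in through `permittedInsecurePackages`, and these strings are what the refusal prints, so the list needs to stay accurate. I would add a comment above it along the lines of `# Unfixed in this version as of <date checked>; drop an entry once a patch for it is applied.` In-tree reverse dependencies will presumably stop evaluating by default as well, so it is worth confirming that none remain or that they were migrated in the same series. The enclosing `meta` block and `mkDerivation` call start outside the hunk.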