Unverified Commit 59d74773 authored by Sandro Jäckel's avatar Sandro Jäckel Committed by GitHub

{openexr_2,ilmbase}: Replace meta.insecure with meta.knownVulnerabilities (#501924)

parents 8ab7c23a 4b7353ee
+2 −2
@@ -29,7 +29,7 @@
  gexiv2,
  libwebp,
  luajit,
  openexr_2,
  openexr,
  suitesparse,
  withLuaJIT ? lib.meta.availableOn stdenv.hostPlatform luajit,
  gimp,
@@ -77,7 +77,7 @@ stdenv.mkDerivation (finalAttrs: {
    libraw
    libwebp
    gexiv2
    openexr_2
    openexr
    suitesparse
  ]
  ++ lib.optionals stdenv.cc.isClang [
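Review bot: The swap of `openexr_2` for `openexr` in the argument list and again in the inputs list (taking the first line of each printed pair as the old side) is a build change for this package that the commit title, which names only openexr_2 and ilmbase, does not cover. Once `meta.knownVulnerabilities` is non-empty, nixpkgs refuses to evaluate the flagged package and anything that depends on it unless the user opts in through `permittedInsecurePackages` or `NIXPKGS_ALLOW_INSECURE=1`, so it would help to state which other dependents of `openexr_2` and `ilmbase` were checked. The visible lines do not show whether this package builds against the newer OpenEXR API, so a build result is worth attaching. Both hunks lie inside definitions that begin and end outside the lines shown.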
+1 −1
@@ -38,6 +38,6 @@ stdenv.mkDerivation {
    homepage = "https://www.openexr.com/";
    license = lib.licenses.bsd3;
    platforms = lib.platforms.all;
    insecure = true;
    inherit (openexr_2.meta) knownVulnerabilities;
  };
}
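Review bot: The `inherit (openexr_2.meta) knownVulnerabilities;` line has no comment explaining why ilmbase carries OpenEXR's advisory list, and the entries it pulls in all name OpenEXR code paths (ImfDeepScanLineInputFile, DwaCompressor, EXR file parsing), so a user who hits the refusal cannot tell whether ilmbase itself is affected. If the reason is that ilmbase comes from the same 2.x source release, say so above the line, for example `# same source release as openexr_2, flagged with its advisories`. The `inherit` also requires `openexr_2` to be in scope in this file; the function header is outside the hunk, so that cannot be confirmed from here.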
+15 −1
@@ -75,6 +75,20 @@ stdenv.mkDerivation rec {
    homepage = "https://www.openexr.com/";
    license = lib.licenses.bsd3;
    platforms = lib.platforms.all;
    insecure = true;
    knownVulnerabilities = [
      "CVE-2021-3598: ImfDeepScanLineInputFile Out-of-Bounds Read"
      "CVE-2021-3605: rleUncompress Out-of-Bounds Read"
      "CVE-2021-3933: Integer Overflow Vulnerability in File Processing on 32-bit Systems"
      "CVE-2021-23169: copyIntoFrameBuffer Heap Buffer Overflow Leading to Arbitrary Code Execution"
      "CVE-2021-23215: DwaCompressor Integer Overflow Leads to Heap Buffer Overflow"
      "CVE-2021-26260: DwaCompressor Integer Overflow Leading to Heap Buffer Overflow"
      "CVE-2021-26945: Integer Overflow Leading to Heap Buffer Overflow"
      "CVE-2023-5841: Heap Overflow in Scanline Deep Data Parsing"
      "CVE-2024-31047: convert Function Denial of Service"
      "CVE-2025-12495: EXR File Parsing Heap-based Buffer Overflow Remote Code Execution"
      "CVE-2025-12839: EXR File Parsing Heap-based Buffer Overflow Remote Code Execution"
      "CVE-2025-12840: EXR File Parsing Heap-based Buffer Overflow Remote Code Execution"
      "CVE-2026-27622: CompositeDeepScanLine integer-overflow leads to heap OOB write"
    ];
  };
}
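Review bot: The `knownVulnerabilities` list gives the CVE ids but no remediation hint and no record of where the list came from, and these strings are all a user sees when evaluation is refused. Consider a closing entry such as `"OpenEXR 2.x is not expected to receive fixes for the above; use openexr (3.x) where possible"`, with the wording checked against upstream's support statement. A `#` comment above the list naming the advisory source and the date it was compiled would let later additions be checked against the same source. The entries for CVE-2021-23215 and CVE-2021-26260 read almost identically, so a distinguishing detail would show the duplication is intentional.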