Security Policy

Reporting a Vulnerability

If you think you've found a potential vulnerability in OpenEXR, please report it by emailing security@openexr.com. Only Technical Steering Committee members and Academy Software Foundation project management have access to these messages. Include detailed steps to reproduce the issue, and any other information that could aid an investigation. Our policy is to respond to vulnerability reports within 14 days.

Our policy is to address critical security vulnerabilities rapidly and post patches as quickly as possible.

Known Vulnerabilities

These vulnerabilities are present in the given versions:

CVE-2021-45942 3.1.0, 3.1.1, 3.1.2, 3.1.3
CVE-2021-20296 2.4.0, 2.4.1, 2.4.2, 2.5.0, 2.5.1, 2.5.2, 2.5.3
CVE-2021-3479 2.4.0, 2.4.1, 2.4.2, 2.5.0, 2.5.1, 2.5.2, 2.5.3
CVE-2021-3478 2.4.0, 2.4.1, 2.4.2, 2.5.0, 2.5.1, 2.5.2, 2.5.3
CVE-2021-3477 2.4.0, 2.4.1, 2.4.2, 2.5.0, 2.5.1, 2.5.2, 2.5.3
CVE-2021-3476 2.4.0, 2.4.1, 2.4.2, 2.5.0, 2.5.1, 2.5.2, 2.5.3
CVE-2021-3475 2.4.0, 2.4.1, 2.4.2, 2.5.0, 2.5.1, 2.5.2, 2.5.3
CVE-2021-3474 2.4.0, 2.4.1, 2.4.2, 2.5.0, 2.5.1, 2.5.2, 2.5.3
CVE-2020-16589 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.2.1, 2.3.0
CVE-2020-16588 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.2.1, 2.3.0
CVE-2020-16587 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.2.1, 2.3.0
CVE-2020-15306 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.2.1, 2.3.0, 2.4.0, 2.4.1, 2.5.0, 2.5.1
CVE-2020-15305 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.2.1, 2.3.0, 2.4.0, 2.4.1, 2.5.0, 2.5.1
CVE-2020-15304 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.2.1, 2.3.0, 2.4.0, 2.4.1, 2.5.0, 2.5.1
CVE-2020-11765 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.2.1, 2.3.0, 2.4.0
CVE-2020-11764 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.2.1, 2.3.0, 2.4.0
CVE-2020-11763 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.2.1, 2.3.0, 2.4.0
CVE-2020-11762 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.2.1, 2.3.0, 2.4.0
CVE-2020-11761 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.2.1, 2.3.0, 2.4.0
CVE-2020-11760 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.2.1, 2.3.0, 2.4.0
CVE-2020-11759 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.2.1, 2.3.0, 2.4.0
CVE-2020-11758 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.2.1, 2.3.0, 2.4.0
CVE-2018-18444 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.2.1, 2.3.0
CVE-2018-18443 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.2.1, 2.3.0
CVE-2017-9116 2.0.0, 2.0.1, 2.1.0, 2.2.0
CVE-2017-9115 2.0.0, 2.0.1, 2.1.0, 2.2.0
CVE-2017-9114 2.0.0, 2.0.1, 2.1.0, 2.2.0
CVE-2017-9113 2.0.0, 2.0.1, 2.1.0, 2.2.0
CVE-2017-9112 2.0.0, 2.0.1, 2.1.0, 2.2.0
CVE-2017-9111 2.0.0, 2.0.1, 2.1.0, 2.2.0
CVE-2017-9110 2.0.0, 2.0.1, 2.1.0, 2.2.0
CVE-2017-12596 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.2.1, 2.3.0
CVE-2009-1722 1.0., 1.1., 1.2., 1.3., 1.4., 1.5., 1.6.*
CVE-2009-1721 1.0., 1.1., 1.2., 1.3., 1.4., 1.5., 1.6.*
CVE-2009-1720 1.0., 1.1., 1.2., 1.3., 1.4., 1.5., 1.6.*

See the release notes for more information.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

Known Vulnerabilities

There aren’t any published security advisories

Security: peterhillman/openexr

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

Known Vulnerabilities

There aren’t any published security advisories