tinyexr_project CVE Vulnerabilities & Metrics

Focus on tinyexr_project vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About tinyexr_project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with tinyexr_project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total tinyexr_project CVEs: 13
Earliest CVE date: 08 Jun 2018, 12:29 UTC
Latest CVE date: 06 Sep 2022, 23:15 UTC

Latest CVE reference: CVE-2022-38529

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical tinyexr_project CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 5.42

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	1
4.0-6.9	8
7.0-8.9	4
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS tinyexr_project CVEs

These are the five CVEs with the highest CVSS scores for tinyexr_project, sorted by severity first and recency.

CVE-2018-12688 tinyexr_project Published on 22 Jun 2018, 19:29 UTC (CVSS: 7.5)
tinyexr 0.9.5 has a segmentation fault in the wav2Decode function.
CVE-2018-12503 tinyexr_project Published on 16 Jun 2018, 15:29 UTC (CVSS: 7.5)
tinyexr 0.9.5 has a heap-based buffer over-read in LoadEXRImageFromMemory in tinyexr.h.
CVE-2018-12092 tinyexr_project Published on 11 Jun 2018, 11:29 UTC (CVSS: 7.5)
tinyexr 0.9.5 has a heap-based buffer over-read in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code.
CVE-2018-12064 tinyexr_project Published on 08 Jun 2018, 12:29 UTC (CVSS: 7.5)
tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChannelInfo in tinyexr.h.
CVE-2022-34300 tinyexr_project Published on 23 Jun 2022, 17:15 UTC (CVSS: 6.8)
In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData.

All CVEs for tinyexr_project

CVE-2022-38529 tinyexr_project vulnerability CVSS: 0 06 Sep 2022, 23:15 UTC

tinyexr commit 0647fb3 was discovered to contain a heap-buffer overflow via the component rleUncompress.

CVE-2022-34300 tinyexr_project vulnerability CVSS: 6.8 23 Jun 2022, 17:15 UTC

In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData.

CVE-2020-18430 tinyexr_project vulnerability CVSS: 5.0 26 Jul 2021, 22:15 UTC

tinyexr 0.9.5 was discovered to contain an array index error in the tinyexr::DecodeEXRImage component, which can lead to a denial of service (DOS).

CVE-2020-18428 tinyexr_project vulnerability CVSS: 5.0 26 Jul 2021, 22:15 UTC

tinyexr commit 0.9.5 was discovered to contain an array index error in the tinyexr::SaveEXR component, which can lead to a denial of service (DOS).

CVE-2020-19490 tinyexr_project vulnerability CVSS: 4.3 21 Jul 2021, 18:15 UTC

tinyexr 0.9.5 has a integer overflow over-write in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code.

CVE-2018-20652 tinyexr_project vulnerability CVSS: 4.3 01 Jan 2019, 16:29 UTC

An attempted excessive memory allocation was discovered in the function tinyexr::AllocateImage in tinyexr.h in tinyexr v0.9.5. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted input, which leads to an out-of-memory exception.

CVE-2018-12688 tinyexr_project vulnerability CVSS: 7.5 22 Jun 2018, 19:29 UTC

tinyexr 0.9.5 has a segmentation fault in the wav2Decode function.

CVE-2018-12687 tinyexr_project vulnerability CVSS: 5.0 22 Jun 2018, 19:29 UTC

tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h.

CVE-2018-12504 tinyexr_project vulnerability CVSS: 5.0 16 Jun 2018, 15:29 UTC

tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tinyexr.h.

CVE-2018-12503 tinyexr_project vulnerability CVSS: 7.5 16 Jun 2018, 15:29 UTC

tinyexr 0.9.5 has a heap-based buffer over-read in LoadEXRImageFromMemory in tinyexr.h.

CVE-2018-12093 tinyexr_project vulnerability CVSS: 5.0 11 Jun 2018, 11:29 UTC

tinyexr 0.9.5 has a memory leak in ParseEXRHeaderFromMemory in tinyexr.h.

CVE-2018-12092 tinyexr_project vulnerability CVSS: 7.5 11 Jun 2018, 11:29 UTC

tinyexr 0.9.5 has a heap-based buffer over-read in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code.

CVE-2018-12064 tinyexr_project vulnerability CVSS: 7.5 08 Jun 2018, 12:29 UTC

tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChannelInfo in tinyexr.h.