CVE-2020-19490

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-19490
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-19490.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-19490
Downstream
Published
2021-07-21T18:15:08.993Z
Modified
2026-04-11T09:46:19.674650Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

tinyexr 0.9.5 has a integer overflow over-write in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code.

References

Affected packages

Git / github.com/syoyo/tinyexr

Affected ranges

Type
GIT
Repo
https://github.com/syoyo/tinyexr
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
46d5063d69d0264ccb200c50ae26b03d64ccd85e
Fixed
a685e3332f61cd4e59324bf3f669d36973d64270
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.9.5"
        }
    ]
}

Affected versions

v0.*
v0.9.0
v0.9.5

Database specific

vanir_signatures 
[
    {
        "id": "CVE-2020-19490-725d121a",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "297429979349668358402634876186982964259",
                "272632846852097495337284392297591863299",
                "303738061881940993879520472580368904255",
                "223083163774423906403667097889341368640",
                "173893806060302945319341622658961572001",
                "234021211436350851832609685376432370502",
                "154208281039550887841787738598023034211",
                "95649749890464200514918539052602959962",
                "104097192958257950091807882982627548309",
                "325890011009550886248855723699409533900",
                "22184164232455613885168929709494227778",
                "175289827515076744946197051436755506335",
                "16638799801869699080718691534128843075",
                "205705848406996850506841543804391675264"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/syoyo/tinyexr/commit/a685e3332f61cd4e59324bf3f669d36973d64270",
        "target": {
            "file": "tinyexr.h"
        },
        "deprecated": false
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-19490.json"
vanir_signatures_modified 
"2026-04-11T09:46:19Z"