{"id":"CVE-2020-19490","details":"tinyexr 0.9.5 has a integer overflow over-write in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code.","modified":"2026-04-11T09:46:19.674650Z","published":"2021-07-21T18:15:08.993Z","references":[{"type":"FIX","url":"https://github.com/syoyo/tinyexr/commit/a685e3332f61cd4e59324bf3f669d36973d64270"},{"type":"EVIDENCE","url":"https://github.com/syoyo/tinyexr/issues/124"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/syoyo/tinyexr","events":[{"introduced":"0"},{"last_affected":"46d5063d69d0264ccb200c50ae26b03d64ccd85e"},{"fixed":"a685e3332f61cd4e59324bf3f669d36973d64270"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.9.5"}]}}],"versions":["v0.9.0","v0.9.5"],"database_specific":{"vanir_signatures_modified":"2026-04-11T09:46:19Z","vanir_signatures":[{"target":{"file":"tinyexr.h"},"digest":{"line_hashes":["297429979349668358402634876186982964259","272632846852097495337284392297591863299","303738061881940993879520472580368904255","223083163774423906403667097889341368640","173893806060302945319341622658961572001","234021211436350851832609685376432370502","154208281039550887841787738598023034211","95649749890464200514918539052602959962","104097192958257950091807882982627548309","325890011009550886248855723699409533900","22184164232455613885168929709494227778","175289827515076744946197051436755506335","16638799801869699080718691534128843075","205705848406996850506841543804391675264"],"threshold":0.9},"signature_type":"Line","source":"https://github.com/syoyo/tinyexr/commit/a685e3332f61cd4e59324bf3f669d36973d64270","deprecated":false,"signature_version":"v1","id":"CVE-2020-19490-725d121a"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-19490.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}