CVE-2021-3474	30.03.21 20:15
There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted
input file that is processed by OpenEXR could cause a shift overflow in
the FastHufDecoder, potentially leading to problems with application
availability.

Fix: 
https://github.com/AcademySoftwareFoundation/openexr/commit/c3ed4a1db1f39bf4524a644cb2af81dc8cfab33f

CVE-2021-3476	30.03.21 20:15
A flaw was found in OpenEXR's B44 uncompression functionality in
versions before 3.0.0-beta. An attacker who is able to submit a crafted
file to OpenEXR could trigger shift overflows, potentially affecting
application availability.

Fix: 
https://github.com/AcademySoftwareFoundation/openexr/commit/eec0dba242bedd2778c973ae4af112107b33d9c9

CVE-2021-3475	30.03.21 20:15
There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker
who can submit a crafted file to be processed by OpenEXR could cause an
integer overflow, potentially leading to problems with application
availability.

Fix: 
https://github.com/AcademySoftwareFoundation/openexr/commit/2a18ed424a854598c2a20b5dd7e782b436a1e753

I could not check if these flaws affect the 2.5.2 version packaged in
GNU Guix yet.