Openexr: >> Openexr >> 3.0.5 Security Vulnerabilities
Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.
CVSS Score
9.1
EPSS Score
0.005
Published
2024-02-01
An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-03-25