OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow (OOB read) occurs in the `istream_nonparallel_read` function in `ImfContextInit.cpp` when parsing a malformed EXR file through a memory-mapped `IStream`. A signed integer subtraction produces a negative value that is implicitly converted to `size_t`, resulting in a massive length being passed to `memcpy`. Versions 3.3.7 and 3.4.5 contain a patch.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HOpenexr
APPOpenexr3.3.0 β 3.3.7 (bez)3.4.0 β 3.4.5 (bez)
Related vulnerabilities
Heap-based buffer overflow w bibliotece OpenEXR przy parsowaniu deep scanline
OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion ...
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage forma...
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage forma...
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage forma...