Veracode Vulnerability DatabaseVERACODE:26761Denial Of Service (DoS)
EPSS
Percentile
14.2%
OpenEXR is vulnerable to denial of service. A NULL pointer dereference in the function TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp allows an attacker to cause a denial of service condition via an invalid tiled input file.
References
lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html
lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html
github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md
github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md
github.com/AcademySoftwareFoundation/openexr/pull/727
github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2
lists.fedoraproject.org/archives/list/[email protected]/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/
lists.fedoraproject.org/archives/list/[email protected]/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/
security.gentoo.org/glsa/202107-27
Related
