EPSS
Percentile
45.1%
openexr is vulnerable to denial of service. A NULL pointer dereference in Imf_2_5::Header::operator allows an attacker to crash the application via a malicious multi-part input file.
Imf_2_5::Header::operator
bugs.chromium.org/p/oss-fuzz/issues/detail?id=25740
bugzilla.redhat.com/show_bug.cgi?id=1939154
github.com/AcademySoftwareFoundation/openexr/commit/25e9515b06a6bc293d871622b8cafaee7af84e0f
security-tracker.debian.org/tracker/CVE-2021-20299