EPSS
Percentile
34.8%
libtinyexr.so is vulnerable to heap-based buffer overflow. The vulnerability exist in the DecompressRle function in tinyexr.h due to lack of address validation, allowing an attacker to cause memory corruption.
DecompressRle
tinyexr.h
github.com/advisories/GHSA-7xrv-xxvm-f2hx
github.com/syoyo/tinyexr/commit/0647fb3e0e65d21af354b43bdd9a0acf2913a996
github.com/syoyo/tinyexr/issues/169