There’s a flaw in OpenEXR’s Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Alpine | edge-community | noarch | openexr | <Â 2.5.4-r0 | UNKNOWN |
Alpine | 3.13-community | noarch | openexr | <Â 2.5.4-r0 | UNKNOWN |
Alpine | 3.14-community | noarch | openexr | <Â 2.5.4-r0 | UNKNOWN |
Alpine | 3.15-community | noarch | openexr | <Â 2.5.4-r0 | UNKNOWN |
Alpine | 3.16-community | noarch | openexr | <Â 2.5.4-r0 | UNKNOWN |
Alpine | 3.17-community | noarch | openexr | <Â 2.5.4-r0 | UNKNOWN |
Alpine | 3.18-community | noarch | openexr | <Â 2.5.4-r0 | UNKNOWN |
Alpine | 3.19-community | noarch | openexr | <Â 2.5.4-r0 | UNKNOWN |
Alpine | 3.20-community | noarch | openexr | <Â 2.5.4-r0 | UNKNOWN |