Important: Red Hat Security Advisory: OpenEXR security update

An update for OpenEXR is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

CVE-2019-16138

An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::setlen is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution...

Use after free in image

Affected versions of this crate would call Vec::setlen on an uninitialized vector with user-provided type parameter, in an interface of the HDR image format decoder. They would then also call other code that could panic before initializing all instances. This could run Drop implementations on...

[SECURITY] [DLA 2732-1] openexr security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2732-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler August 04, 2021 https://wiki.debian.org/LTS -...

Industrial Light and Magic OpenEXR Out-of-Bounds Read Vulnerability (CNVD-2020-24151)

Industrial Light and Magic LIM OpenEXR is an image file format from Industrial Light and Magic LIM, USA, for high dynamic range HDR images. An out-of-bounds read vulnerability exists in the ImfOptimizedPixelReading.h file in LIM OpenEXR versions prior to 2.4.1, which can be exploited by an attack...

CVE-2019-16138

An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::setlen is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution...