Incorrect Type Conversion or Cast

Overview Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast in the LossyDctDecoderexecute process when decoding DWA or DWAB-compressed files containing FLOAT-type channels. An attacker can cause undefined behavior, potentially leading to application crashes or...

OpenEXR Out of Bounds Heap Read due to Bad Pointer Arithmetic in LossyDctDecoder_execute

Summary The OpenEXRCore code is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR files with a maliciously forged chunk. Details In the LossyDctDecoderexecute function from...

GHSA-4R7W-Q3JG-FF43 OpenEXR Out of Bounds Heap Read due to Bad Pointer Arithmetic in LossyDctDecoder_execute

Summary The OpenEXRCore code is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR files with a maliciously forged chunk. Details In the LossyDctDecoderexecute function from...

OSV-2023-445 Heap-buffer-overflow in LossyDctDecoder_execute

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59457 Crash type: Heap-buffer-overflow READ 2 Crash state: LossyDctDecoderexecute DwaCompressoruncompress internalexrundodwaa...