2 matches found
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the resize function in ImageChannel through the OpenEXRUtil public API. An attacker can cause a heap out-of-bounds write by supplying crafted input that triggers an integer overflow. Remediation Upgrad...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the parsing process of EXR files due to improper validation of user-supplied data length. An attacker can achieve arbitrary code execution by tricking a user into opening a specially crafted malicious EXR...