Headline
CVE-2020-16588: Fix logic for 1 pixel high/wide preview images (Fixes #493) · AcademySoftwareFoundation/openexr@7450450
A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.
@@ -120,8 +120,8 @@ generatePreview (const char inFileName[],
previewHeight = max (int (h / (w * a) * previewWidth + .5f), 1);
previewPixels.resizeErase (previewHeight, previewWidth);
float fx = (previewWidth > 0)? (float (w - 1) / (previewWidth - 1)): 1;
float fy = (previewHeight > 0)? (float (h - 1) / (previewHeight - 1)): 1;
float fx = (previewWidth > 1)? (float (w - 1) / (previewWidth - 1)): 1;
float fy = (previewHeight > 1)? (float (h - 1) / (previewHeight - 1)): 1;
float m = Math<float>::pow (2.f, IMATH_NAMESPACE::clamp (exposure + 2.47393f, -20.f, 20.f));
for (int y = 0; y < previewHeight; ++y)
Related news
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.