CVE-2020-16587: Fix #491, issue with part number range check reconstructing chunk off… · AcademySoftwareFoundation/openexr@8b5370c

A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.

Fix #491, issue with part number range check reconstructing chunk offset table

The chunk offset was incorrectly testing for a part number that was the same size (i.e. an invalid index)

Signed-off-by: Kimball Thurston [email protected]

kdt3rd committed

Jul 25, 2019

1 parent d5800c1 commit 8b5370c688a7362673c3a5256d93695617a4cd9a
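
The off-by-one range check that the commit message describes, as an added C++ sketch that is not OpenEXR's code: a flawed check that lets an index equal to the container size through, beside a corrected check used while rebuilding an offset table from untrusted input. The record layout and all names (`Part`, `acceptsFlawed`, `acceptsFixed`, `reconstructOffsets`, `appendRecord`) are assumptions for illustration, and the sample bytes are constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Hypothetical record layout (an assumption, not the EXR format):
// 4-byte part number, 4-byte payload length, then the payload bytes.
struct Part { std::vector<std::size_t> chunkOffsets; };

// Model of the flawed check: partNumber == partCount passes (last valid index is partCount - 1).
bool acceptsFlawed(int32_t partNumber, std::size_t partCount) {
    return !(partNumber < 0 || partNumber > static_cast<int64_t>(partCount));
}

// Corrected check: only indices in [0, partCount) are accepted.
bool acceptsFixed(int32_t partNumber, std::size_t partCount) {
    return partNumber >= 0 && static_cast<std::size_t>(partNumber) < partCount;
}

// Rebuilds per-part chunk offsets from untrusted bytes with the corrected check.
std::size_t reconstructOffsets(const std::vector<uint8_t>& data, std::vector<Part>& parts) {
    std::size_t pos = 0, stored = 0;
    while (data.size() - pos >= 8) {
        int32_t partNumber; uint32_t length;
        std::memcpy(&partNumber, &data[pos], 4);
        std::memcpy(&length, &data[pos + 4], 4);
        if (!acceptsFixed(partNumber, parts.size())) break;  // index out of range
        if (length > data.size() - pos - 8) break;           // truncated payload
        parts[static_cast<std::size_t>(partNumber)].chunkOffsets.push_back(pos);
        ++stored;
        pos += 8 + static_cast<std::size_t>(length);
    }
    return stored;  // parsing stops at the first invalid record
}

// Appends one constructed sample record in host byte order.
void appendRecord(std::vector<uint8_t>& out, int32_t partNumber, uint32_t length) {
    uint8_t hdr[8];
    std::memcpy(hdr, &partNumber, 4);
    std::memcpy(hdr + 4, &length, 4);
    out.insert(out.end(), hdr, hdr + 8);
    out.insert(out.end(), static_cast<std::size_t>(length), uint8_t{0});
}

int main() {
    std::vector<uint8_t> data; std::vector<Part> parts(2);
    appendRecord(data, 0, 4); appendRecord(data, 1, 2); appendRecord(data, 2, 4);
    std::printf("flawed accepts 2/2: %d, stored: %zu\n", acceptsFlawed(2, 2), reconstructOffsets(data, parts));
}
```

With two parts, the third sample record carries part number 2, which the flawed check accepts and the corrected check rejects before any indexing happens.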

Related news

CVE-2020-15306: openexr/CHANGES.md at main · AcademySoftwareFoundation/openexr

An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.
