FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenEXR -- Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute

Affected packages
openexr < 3.1.4

Details

VuXML ID b6ef8a53-8062-11ec-9af3-fb232efe4d2e
Discovery 2021-11-26
Entry 2022-01-28

Cary Phillips reports:

[OpenEXR Version 3.1.4 is a] patch release that [...] addresses one public security vulnerability: CVE-2021-45942 Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute [and several] specific OSS-fuzz issues [...].

References

CVE Name CVE-2021-45942
URL https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416
URL https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41999
URL https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.4/CHANGES.md#version-314-january-26-2022
URL https://github.com/AcademySoftwareFoundation/openexr/pull/1209