A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXRs IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openexr | Openexr | * | 2.4.3 (excluding) |
Openexr | Openexr | 2.5.0 (including) | 2.5.4 (excluding) |