ยซ Changelog History


OpenEXR v2.4.2 Release Notes

Release Date: 2020-06-15 // almost 4 years ago

  • ๐Ÿš€ This is a patch release that includes fixes for the following security vulnerabilities:

    • ๐Ÿ†“ CVE-2020-15305 Invalid input could cause a heap-use-after-free error in DeepScanLineInputFile::DeepScanLineInputFile()
    • CVE-2020-15306 Invalid chunkCount attributes could cause heap buffer overflow in getChunkOffsetTableSize()
    • CVE-2020-15304 Invalid tiled input file could cause invalid memory access TiledInputFile::TiledInputFile()
    • ๐Ÿ“ฆ OpenEXRConfig.h now correctly sets OPENEXR_PACKAGE_STRING to "OpenEXR" (rather than "IlmBase")

    ๐Ÿ”€ Merged Pull Requests

    • ๐Ÿ“ฆ 755 Fix OPENEXR_PACKAGE_NAME
    • 738 always ignore chunkCount attribute unless it cannot be computed
    • 730 fix #728 - missing 'throw' in deepscanline error handling
    • 727 check null pointer in broken tiled file handling