OpenEXR v2.4.2 Release Notes
Release Date: 2020-06-15 // almost 4 years ago-
๐ This is a patch release that includes fixes for the following security vulnerabilities:
- ๐ CVE-2020-15305 Invalid input could cause a heap-use-after-free error in DeepScanLineInputFile::DeepScanLineInputFile()
- CVE-2020-15306 Invalid chunkCount attributes could cause heap buffer overflow in getChunkOffsetTableSize()
- CVE-2020-15304 Invalid tiled input file could cause invalid memory access TiledInputFile::TiledInputFile()
- ๐ฆ OpenEXRConfig.h now correctly sets OPENEXR_PACKAGE_STRING to "OpenEXR" (rather than "IlmBase")
๐ Merged Pull Requests